Windows Analysis Report
HDKuOe.exe

Overview

General Information

Sample name: HDKuOe.exe
Analysis ID: 1502271
MD5: 4ebffced85203bc1c3c5d9f3afd1045d
SHA1: 35b481018a1087dac0fb57590a57175f51783a34
SHA256: 5310a58317bf00aff0e0d9d6f2008b3389c5298b2c53513fc3ba08e887fca864
Tags: exe

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for dropped file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • HDKuOe.exe (PID: 2260 cmdline: "C:\Users\user\Desktop\HDKuOe.exe" MD5: 4EBFFCED85203BC1C3C5D9F3AFD1045D)
    • setup.exe (PID: 6224 cmdline: "C:\Users\user\AppData\Local\Temp\setup.exe" MD5: 12F9523E0ADA8BDABC28FA142D6E56BD)
      • Snetchball.exe (PID: 4584 cmdline: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 2328 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 3272 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6148 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6232 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6252 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6612 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6764 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6708 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6816 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 6900 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 7068 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 4820 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
          • Snetchball.exe (PID: 1072 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 4144 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3408 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2 MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 4208 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3856 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 5720 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 2180 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4084 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 2568 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736499434 --mojo-platform-channel-handle=4220 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1 MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 5916 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736521392 --mojo-platform-channel-handle=4268 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1 MD5: A011E4E8E7502FDFCD1C52A98392FF46)
        • Snetchball.exe (PID: 3332 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
  • Snetchball.exe (PID: 3492 cmdline: "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" MD5: A011E4E8E7502FDFCD1C52A98392FF46)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\setup.exe, ProcessId: 6224, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Snetchball
No Suricata rule has matched

AV Detection

Source: HDKuOe.exe, Avira: detected
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe, Avira: detection malicious, Label: HEUR/AGEN.1352426
Source: C:\Users\user\AppData\Local\Temp\setup.exe, Avira: detection malicious, Label: HEUR/AGEN.1359405
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\huge[1].dat, Avira: detection malicious, Label: HEUR/AGEN.1359405
Source: HDKuOe.exe, Virustotal: Detection: 14%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Snetchball\Del.exe, Joe Sandbox ML: detected
Source: HDKuOe.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\setup.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snetchball
Source: HDKuOe.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256f source: Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdb source: widevinecdmadapter.dll.6.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: Snetchball.exe, Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D3DCompiler_47.pdb source: d3dcompiler_47.dll.6.dr
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdb source: Snetchball.exe, Snetchball.exe, 00000010.00000002.2939914610.00000000055F2000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: d3dcompiler_47.dll.6.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdbLK source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdbSHA256 source: Snetchball.exe, 00000010.00000002.2939914610.00000000055F2000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdbGCTL source: widevinecdmadapter.dll.6.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdb source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp
Source: Snetchball.exe, 0000000F.00000002.2889534775.0000000003251000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://api.install-stat.debug.world/clients/activity
Source: Snetchball.exe, 0000000F.00000002.2889534775.0000000003251000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://api.install-stat.debug.world/clients/installs
Source: es-419.pak.6.dr, String found in binary or memory: http://ejemplo.com
Source: Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp, String found in binary or memory: http://james.newtonking.com/projects/json
Source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp, String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: HDKuOe.exe, String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: HDKuOe.exe, String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Snetchball.exe, 00000007.00000002.2871288348.0000000002CE3000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Snetchball.exe, 00000010.00000002.2890248657.0000000002C17000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://sup4tsk.biz
Source: Snetchball.exe, 00000007.00000002.2871288348.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://sup4tsk.biz/c/g
Source: Snetchball.exe, 00000007.00000002.2871288348.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://sup4tsk.biz/c/g4
Source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp, String found in binary or memory: http://www.apache.org/).
Source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp, String found in binary or memory: http://www.apache.org/licenses/
Source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: icudtl.dat.6.dr, String found in binary or memory: http://www.unicode.org/copyright.html
Source: Snetchball.exe, 00000007.00000002.2871288348.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://rouonixon.com/4/5965567/?ymid=853478517214556160
Source: Snetchball.exe, 00000007.00000002.2871288348.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://rouonixon.com/4/5965567/?ymid=853478517214556160&var=5965566&price=
Source: Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp, String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: Snetchball.exe, Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp, String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: Snetchball.exe, Process created: 40
Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll 9DB9C58E44DFF2D985DC078FDBB7498DCC66C4CC4EB12F68DE6A98A5D665ABBD
Source: HDKuOe.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Ionic.Zip.dll.6.dr, WinZipAesCipherStream.cs, Cryptographic APIs: 'TransformBlock'
Source: Ionic.Zip.dll.6.dr, WinZipAesCipherStream.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: Ionic.Zip.dll.6.dr, WinZipAesCipherStream.cs, Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: Snetchball.exe.6.dr, Program.cs: Base64 encoded strings
Source: classification engine Classification label: mal72.winEXE@45/108@0/2
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Roaming\Snetchball
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Roaming_Snetchball_Logs_mainLog.txt
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Roaming_Snetchball_Logs_rendLog.txt
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Local\Temp\nsz90F3.tmp
Source: HDKuOe.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HDKuOe.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\HDKuOe.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: HDKuOe.exe Virustotal: Detection: 14%
Source: C:\Users\user\Desktop\HDKuOe.exe File read: C:\Users\user\Desktop\HDKuOe.exe
Source: unknown Process created: C:\Users\user\Desktop\HDKuOe.exe "C:\Users\user\Desktop\HDKuOe.exe"
Source: C:\Users\user\Desktop\HDKuOe.exe Process created: C:\Users\user\AppData\Local\Temp\setup.exe "C:\Users\user\AppData\Local\Temp\setup.exe"
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3408 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3856 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4084 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736499434 --mojo-platform-channel-handle=4220 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736521392 --mojo-platform-channel-handle=4268 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: audioses.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: chrome_elf.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mdmregistration.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mdmregistration.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: omadmapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dmcmnutils.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: iri.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: dsreg.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snetchball
Source: HDKuOe.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256f source: Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdb source: widevinecdmadapter.dll.6.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: Snetchball.exe, Snetchball.exe, 00000007.00000002.3112205483.0000000006302000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D3DCompiler_47.pdb source: d3dcompiler_47.dll.6.dr
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdb source: Snetchball.exe, Snetchball.exe, 00000010.00000002.2939914610.00000000055F2000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: d3dcompiler_47.dll.6.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdbLK source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdbSHA256 source: Snetchball.exe, 00000010.00000002.2939914610.00000000055F2000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdbGCTL source: widevinecdmadapter.dll.6.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdb source: Snetchball.exe, 00000007.00000002.2917967201.0000000004F92000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: `OTHER`TEMP`PACKED<%s return value>hlslFlagshlslTargethlslEntryhlslDefinesinternal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: d3dcompiler_47.dll.6.dr
Source: Newtonsoft.Json.dll.6.dr Static PE information: 0xF68F744F [Mon Jan 31 06:35:59 2101 UTC]
Source: chrome_elf.dll.6.dr Static PE information: section name: .00cfg
Source: chrome_elf.dll.6.dr Static PE information: section name: .crthunk
Source: chrome_elf.dll.6.dr Static PE information: section name: CPADinfo
Source: chrome_elf.dll.6.dr Static PE information: section name: malloc_h
Source: libEGL.dll.6.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.6.dr Static PE information: section name: .00cfg
Source: libcef.dll.6.dr Static PE information: section name: .00cfg
Source: libcef.dll.6.dr Static PE information: section name: .rodata
Source: libcef.dll.6.dr Static PE information: section name: CPADinfo
Source: libcef.dll.6.dr Static PE information: section name: malloc_h
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Code function: 7_2_027C4673 push ecx; ret 7_2_027C4676
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Code function: 7_2_0539F41F push dword ptr [esp+ecx*2-75h]; ret 7_2_0539F423
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Code function: 7_2_0627656F push ebp; retf 7_2_06276570
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Code function: 7_2_06AEDFA1 push 5D6AF2D5h; ret 7_2_06AEDFC9
Source: Ionic.Zip.dll.6.dr Static PE information: section name: .text entropy: 6.821349263259562
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\Xilium.CefGlue.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\widevinecdmadapter.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\Ionic.Zip.dll
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Local\Temp\nsf9115.tmp\nsProcess.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\d3dcompiler_43.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\Del.exe
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Local\Temp\nsf9115.tmp\blowfish.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\libcef.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\Uninstall.exe
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\libEGL.dll
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\chrome_elf.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\log4net.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Snetchball\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Local\Temp\setup.exe
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll
Source: C:\Users\user\Desktop\HDKuOe.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\huge[1].dat
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Snetchball
Source: C:\Users\user\Desktop\HDKuOe.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeMemory allocated: 2780000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeMemory allocated: 29A0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeMemory allocated: 27F0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeMemory allocated: 29B0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeMemory allocated: 2BE0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeMemory allocated: 29B0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\Xilium.CefGlue.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\widevinecdmadapter.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\Ionic.Zip.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9115.tmp\nsProcess.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\d3dcompiler_43.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\Del.exe
Source: C:\Users\user\Desktop\HDKuOe.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9115.tmp\blowfish.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\libcef.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\Uninstall.exe
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\log4net.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\Newtonsoft.Json.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Snetchball\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe TID: 1640 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Last function: Thread delayed
Source: Snetchball.exe, 00000007.00000002.2868342088.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\HDKuOe.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3408 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3856 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4084 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736499434 --mojo-platform-channel-handle=4220 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Process created: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736521392 --mojo-platform-channel-handle=4268 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Users\user\AppData\Roaming\Snetchball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Users\user\AppData\Roaming\Snetchball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Users\user\AppData\Roaming\Snetchball\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeQueries volume information: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeQueries volume information: C:\Users\user\AppData\Roaming\Snetchball\log4net.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeQueries volume information: C:\Users\user\AppData\Roaming\Snetchball\Xilium.CefGlue.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1502271 | Sample: HDKuOe.exe | Startdate: 31/08/2024 | Architecture: WINDOWS | Score: 72
[Behavior graph image not preserved; nodes and edges as they appear in the graph text]
Signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures

  • HDKuOe.exe (started)
    • Contacted: 185.117.88.231 (PORTLANEwwwportlanecomSE, Netherlands)
    • Dropped: C:\Users\user\AppData\Local\Temp\setup.exe, PE32
    • Dropped: C:\Users\user\AppData\Local\...\blowfish.dll, PE32
    • Dropped: C:\Users\user\AppData\Local\...\huge[1].dat, PE32
    • Dropped: 2 other files (none is malicious)
    • setup.exe (started)
      • Signature: Antivirus detection for dropped file
      • Dropped: C:\Users\user\AppData\...\vulkan-1.dll, PE32
      • Dropped: C:\Users\user\AppData\...\vk_swiftshader.dll, PE32
      • Dropped: C:\Users\user\AppData\...\libGLESv2.dll, PE32
      • Dropped: 16 other files (13 malicious)
      • Snetchball.exe (started)
        • Contacted: 185.117.88.39 (PORTLANEwwwportlanecomSE, Netherlands)
        • Signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file
        • Snetchball.exe (started), which started 3 Snetchball.exe processes and 9 other processes
        • Snetchball.exe (started)
        • Snetchball.exe (started)
        • 5 other processes
  • Snetchball.exe (started)

Source | Detection | Scanner | Label
HDKuOe.exe | 15% | Virustotal |
HDKuOe.exe | 12% | ReversingLabs |
HDKuOe.exe | 100% | Avira | HEUR/AGEN.1359405

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe | 100% | Avira | HEUR/AGEN.1352426
C:\Users\user\AppData\Local\Temp\setup.exe | 100% | Avira | HEUR/AGEN.1359405
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\huge[1].dat | 100% | Avira | HEUR/AGEN.1359405
C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Snetchball\Del.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\huge[1].dat | 9% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\blowfish.dll | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\nsProcess.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\setup.exe | 9% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\Snetchball\Del.exe | 7% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\Ionic.Zip.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\Newtonsoft.Json.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe | 8% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\Uninstall.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\Xilium.CefGlue.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\chrome_elf.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\d3dcompiler_43.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\d3dcompiler_47.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\libEGL.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\libGLESv2.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\libcef.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\log4net.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\swiftshader\libEGL.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\swiftshader\libGLESv2.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\vk_swiftshader.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\vulkan-1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Snetchball\widevinecdmadapter.dll | 0% | ReversingLabs |
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | ASN | ASN Name | Malicious
185.117.88.231 | unknown | Netherlands | 42708 | PORTLANEwwwportlanecomSE | false
185.117.88.39 | unknown | Netherlands | 42708 | PORTLANEwwwportlanecomSE | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502271
Start date and time:2024-08-31 22:09:07 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:30
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Sample name:HDKuOe.exe
Detection:MAL
Classification:mal72.winEXE@45/108@0/2
EGA Information:
  • Successful, ratio: 14.3%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 496
  • Number of non-executed functions: 5
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Execution Graph export aborted for target Snetchball.exe, PID 2180 because it is empty
  • Execution Graph export aborted for target Snetchball.exe, PID 3332 because it is empty
  • Execution Graph export aborted for target Snetchball.exe, PID 4144 because it is empty
  • Execution Graph export aborted for target Snetchball.exe, PID 4208 because it is empty
  • Execution Graph export aborted for target Snetchball.exe, PID 5720 because it is empty
  • Execution Graph export aborted for target Snetchball.exe, PID 5916 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
16:11:55 | API Interceptor | 1x Sleep call for process: Snetchball.exe modified
21:11:54 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Snetchball C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
21:12:04 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Snetchball C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
Match | Associated Sample Name / URL | Detection | Threat Name
185.117.88.231 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.15996.11306.exe | malicious | Unknown
185.117.88.231 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.15996.11306.exe | malicious | Unknown
185.117.88.39 | 8ubQTzsAqG.exe | malicious | Unknown
185.117.88.39 | 8ubQTzsAqG.exe | malicious | Unknown
185.117.88.39 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.15996.11306.exe | malicious | Unknown
185.117.88.39 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.15996.11306.exe | malicious | Unknown
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
PORTLANEwwwportlanecomSE | sora.mpsl.elf | malicious | Mirai | 5.254.217.95
PORTLANEwwwportlanecomSE | Requerimiento_Juridico_Proferido_N#U00b0_437361838..exe | malicious | AsyncRAT, DcRat | 46.246.80.9
PORTLANEwwwportlanecomSE | chrome.exe | malicious | Unknown | 46.246.120.178
PORTLANEwwwportlanecomSE | PURCHASE_ORDER.js | malicious | AsyncRAT | 46.246.14.66
PORTLANEwwwportlanecomSE | Ref_87021929821US20240709031221656.js | malicious | Nanocore | 46.246.14.67
PORTLANEwwwportlanecomSE | qZvaZQbxa5.exe | malicious | XWorm | 46.246.4.9
PORTLANEwwwportlanecomSE | WQfmuMk5HB.exe | malicious | XWorm | 46.246.4.9
PORTLANEwwwportlanecomSE | file.exe | malicious | SmokeLoader | 46.246.96.149
PORTLANEwwwportlanecomSE | file.exe | malicious | SmokeLoader | 46.246.96.149
PORTLANEwwwportlanecomSE | file.exe | malicious | SmokeLoader | 46.246.96.149
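No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | LisectAVT_2403002B_95.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | file.exe | malicious | LummaC, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | file.exe | malicious | SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | file.exe | malicious | LummaC, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | file.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | 5GOuTtZoQn.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | JuHVfiAuLo.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | LXbM8RbhLa.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsf9115.tmp\INetC.dll | EiPVv5yELP.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | file.exe | malicious | LummaC, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | file.exe | malicious | SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | file.exe | malicious | LummaC, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | file.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | 5GOuTtZoQn.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | JuHVfiAuLo.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | LXbM8RbhLa.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | EiPVv5yELP.exe | malicious | LummaC, Poverty Stealer, SmokeLoader
C:\Users\user\AppData\Local\Temp\nsa4F20.tmp\liteFirewall.dll | 6IMo1kM9CC.exe | malicious | LummaC, Poverty Stealer, SmokeLoader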
                                                      Process:C:\Users\user\Desktop\HDKuOe.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Category:dropped
                                                      Size (bytes):107389293
                                                      Entropy (8bit):7.999791995771623
                                                      Encrypted:true
                                                      SSDEEP:3145728:neFBulLqoMlJ6dgXfXYLN1BbPOUwvSpQQ5695E:eFBulWFX6uXfXkyvSpQQw95E
                                                      MD5:12F9523E0ADA8BDABC28FA142D6E56BD
                                                      SHA1:FFD3F235A31077FC78FE0D5BDE27EA82CF3A6C5A
                                                      SHA-256:2A59EE739A940EB9AB9B8BC0DA7D30BB0A05345D35AB4B0432E817AEF7A25025
                                                      SHA-512:323750747F2ED05D54CC8BD8C0A94596862A5E0AC17719062C96B05B8AA12F297D182298A4DC947B0BF7BBF750B2EFBBD24E3E71BB12EF238D2C1CA72D2A700A
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 9%
                                                      Reputation:low
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):82944
                                                      Entropy (8bit):6.389604568119155
                                                      Encrypted:false
                                                      SSDEEP:1536:Dli3i1jKfTV0LzYpAzMk2nACScLw5jPAT:j9KLQ+ScLw5jPAT
                                                      MD5:165E1EF5C79475E8C33D19A870E672D4
                                                      SHA1:965F02BFD103F094AC6B3EEF3ABE7FDCB8D9E2A5
                                                      SHA-256:9DB9C58E44DFF2D985DC078FDBB7498DCC66C4CC4EB12F68DE6A98A5D665ABBD
                                                      SHA-512:CD10EAF0928E5DF048BF0488D9DBFE9442E2E106396A0967462BEF440BF0B528CDF3AB06024FB6FDAF9F247E2B7F3CA0CEA78AFC0CE6943650EF9D6C91FEE52A
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: 5GOuTtZoQn.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe, Detection: malicious, Browse
                                                      • Filename: JuHVfiAuLo.exe, Detection: malicious, Browse
                                                      • Filename: LXbM8RbhLa.exe, Detection: malicious, Browse
                                                      • Filename: EiPVv5yELP.exe, Detection: malicious, Browse
                                                      • Filename: 6IMo1kM9CC.exe, Detection: malicious, Browse
                                                      Reputation:moderate, very likely benign file
                                                      Process:C:\Users\user\Desktop\HDKuOe.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):22016
                                                      Entropy (8bit):5.668346578219837
                                                      Encrypted:false
                                                      SSDEEP:384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1
                                                      MD5:92EC4DD8C0DDD8C4305AE1684AB65FB0
                                                      SHA1:D850013D582A62E502942F0DD282CC0C29C4310E
                                                      SHA-256:5520208A33E6409C129B4EA1270771F741D95AFE5B048C2A1E6A2CC2AD829934
                                                      SHA-512:581351AEF694F2489E1A0977EBCA55C4D7268CA167127CEFB217ED0D2098136C7EB433058469449F75BE82B8E5D484C9E7B6CF0B32535063709272D7810EC651
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: LisectAVT_2403002B_95.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: 5GOuTtZoQn.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe, Detection: malicious, Browse
                                                      • Filename: JuHVfiAuLo.exe, Detection: malicious, Browse
                                                      • Filename: LXbM8RbhLa.exe, Detection: malicious, Browse
                                                      • Filename: EiPVv5yELP.exe, Detection: malicious, Browse
                                                      Reputation:moderate, very likely benign file
                                                      Process:C:\Users\user\Desktop\HDKuOe.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):22528
                                                      Entropy (8bit):6.674611218414922
                                                      Encrypted:false
                                                      SSDEEP:384:yTxz0Cv0hqd+1TjQmd9YWrSUEc//////OD5hF92IJpJgLa0MpoYfAz6S:jCvsqdS3QGBREc//////Q53NgLa1ub
                                                      MD5:5AFD4A9B7E69E7C6E312B2CE4040394A
                                                      SHA1:FBD07ADB3F02F866DC3A327A86B0F319D4A94502
                                                      SHA-256:053B4487D22AACF8274BAB448AE1D665FE7926102197B47BFBA6C7ED5493B3AE
                                                      SHA-512:F78EFE9D1FA7D2FFC731D5F878F81E4DCBFAF0C561FDFBF4C133BA2CE1366C95C4672D67CAE6A8BD8FCC7D04861A9DA389D98361055AC46FC9793828D9776511
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                      Process:C:\Users\user\Desktop\HDKuOe.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):4608
                                                      Entropy (8bit):4.666004851298707
                                                      Encrypted:false
                                                      SSDEEP:48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
                                                      MD5:FAA7F034B38E729A983965C04CC70FC1
                                                      SHA1:DF8BDA55B498976EA47D25D8A77539B049DAB55E
                                                      SHA-256:579A034FF5AB9B732A318B1636C2902840F604E8E664F5B93C07A99253B3C9CF
                                                      SHA-512:7868F9B437FCF829AD993FF57995F58836AD578458994361C72AE1BF1DFB74022F9F9E948B48AFD3361ED3426C4F85B4BB0D595E38EE278FEE5C4425C4491DBF
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\Desktop\HDKuOe.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Category:dropped
                                                      Size (bytes):107389293
                                                      Entropy (8bit):7.999791995771623
                                                      Encrypted:true
                                                      SSDEEP:3145728:neFBulLqoMlJ6dgXfXYLN1BbPOUwvSpQQ5695E:eFBulWFX6uXfXkyvSpQQw95E
                                                      MD5:12F9523E0ADA8BDABC28FA142D6E56BD
                                                      SHA1:FFD3F235A31077FC78FE0D5BDE27EA82CF3A6C5A
                                                      SHA-256:2A59EE739A940EB9AB9B8BC0DA7D30BB0A05345D35AB4B0432E817AEF7A25025
                                                      SHA-512:323750747F2ED05D54CC8BD8C0A94596862A5E0AC17719062C96B05B8AA12F297D182298A4DC947B0BF7BBF750B2EFBBD24E3E71BB12EF238D2C1CA72D2A700A
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 9%
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.01057775872642915
                                                      Encrypted:false
                                                      SSDEEP:3:MsFl:/F
                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.012096502606932763
                                                      Encrypted:false
                                                      SSDEEP:3:MsEllllkXl:/M/6
                                                      MD5:259E7ED5FB3C6C90533B963DA5B2FC1B
                                                      SHA1:DF90EABDA434CA50828ABB039B4F80B7F051EC77
                                                      SHA-256:35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09
                                                      SHA-512:9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.011852361981932763
                                                      Encrypted:false
                                                      SSDEEP:3:MsHlDll:/H
                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:data
                                                      Category:modified
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.012340643231932763
                                                      Encrypted:false
                                                      SSDEEP:3:MsGl3ll:/y
                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                      Category:dropped
                                                      Size (bytes):262512
                                                      Entropy (8bit):9.553120663130604E-4
                                                      Encrypted:false
                                                      SSDEEP:3:LsNld:Ls3
                                                      MD5:DDED7D260A880BF4027211532F1A9745
                                                      SHA1:30E0FD83F34CAAE272B8FDF01A772B3FE84D4B66
                                                      SHA-256:FD9F7A29A680D6ED131E8DD34E3103FF091F126C30EF760841152F9C231DCD3F
                                                      SHA-512:7553071556E651D6CB5B26266689E03B48B5B14A8E0FD01A35B6C21901982F03D1193EAECEE7D9DF8C094FD83B5D5B399E0306C1D5D5EEB83E58B8E8FE34B4F0
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):4.622398838808078
                                                      Encrypted:false
                                                      SSDEEP:96:QPjzIyfbInD3W0IwrBmEH7UewW4ORIhmY5XO40uK8DDzNt:pQIS0IwrJbU7W4kIX5e4kgF
                                                      MD5:97D4D47D539CB8171BE2AEFD64C6EBB1
                                                      SHA1:44ABF82DD553CCE0C1F41B9B78D853075DDD1F16
                                                      SHA-256:8D996D5F68BF2248F223C4F3549303BC6A8EC58CC97FCB63B7BB7D8068850273
                                                      SHA-512:7D402847B093E208410C695095DE815A3F5D5DA81630FD51C88C009C48C269D0EA5016D626351BB9D38862163FAD930645072C50ACCCD743DC0E19531A592FDE
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 7%
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.01057775872642915
                                                      Encrypted:false
                                                      SSDEEP:3:MsFl:/F
                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.012096502606932763
                                                      Encrypted:false
                                                      SSDEEP:3:MsEllllkXl:/M/6
                                                      MD5:259E7ED5FB3C6C90533B963DA5B2FC1B
                                                      SHA1:DF90EABDA434CA50828ABB039B4F80B7F051EC77
                                                      SHA-256:35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09
                                                      SHA-512:9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.011852361981932763
                                                      Encrypted:false
                                                      SSDEEP:3:MsHlDll:/H
                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8192
                                                      Entropy (8bit):0.012340643231932763
                                                      Encrypted:false
                                                      SSDEEP:3:MsGl3ll:/y
                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                      Category:dropped
                                                      Size (bytes):262512
                                                      Entropy (8bit):9.553120663130604E-4
                                                      Encrypted:false
                                                      SSDEEP:3:LsNlF:Ls3F
                                                      MD5:BCA14AB0377DE0EEF0C41BCC2E6A8480
                                                      SHA1:FA776C98724DD8268D9F60084922AB70B9D2DFFF
                                                      SHA-256:EC4CEE73E4A758BB200D4B237798A9335E983FB7004040B673930D783F2A295F
                                                      SHA-512:62A005E1D963C97275265FE2FAD164C2FD437AFA29AB196D1EC716A4792BBD55A6DAD005E3D8F8320B3FF9E8D635295AB597590E59C9F386F2A8FED066DD4A7D
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):462336
                                                      Entropy (8bit):6.803831500359682
                                                      Encrypted:false
                                                      SSDEEP:6144:leSYvQAd10GtSV41OJDsTDDVUMle6ZjxLV/rHo0Oaaz2R9IY:oJBdBS4msNUCe65frHMnz2R9
                                                      MD5:6DED8FCBF5F1D9E422B327CA51625E24
                                                      SHA1:8A1140CEBC39F6994EEF7E8DE4627FB7B72A2DD9
                                                      SHA-256:3B3E541682E48F3FD2872F85A06278DA2F3E7877EE956DA89B90D732A1EAA0BD
                                                      SHA-512:BDA3A65133B7B1E2765C7D07C7DA5103292B3C4C2F0673640428B3E7E8637B11539F06C330AB5D0BA6E2274BD2DCD2C50312BE6579E75C4008FF5AE7DAE34CE4
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):574376
                                                      Entropy (8bit):5.8881470355864725
                                                      Encrypted:false
                                                      SSDEEP:12288:ZzfhypmNGgHA37YyUD1AboTf3xnpJbC8VGSBJjRuz7:ZoI1AbQf3xnpJbC8VLBJjRuz7
                                                      MD5:8F81C9520104B730C25D90A9DD511148
                                                      SHA1:7CF46CB81C3B51965C1F78762840EB5797594778
                                                      SHA-256:F1F01B3474B92D6E1C3D6ADFAE74EE0EA0EBA6E9935565FE2317686D80A2E886
                                                      SHA-512:B4A66389BF06A6611DF47E81B818CC2FCD0A854324A2564A4438866953F148950F59CD4C07C9D40CC3A9043B5CE12B150C8A56CCCDF98D5E3F0225EDF8C516F3
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):561424
                                                      Entropy (8bit):4.606896607960262
                                                      Encrypted:false
                                                      SSDEEP:6144:XqqUmk/Rik2rH6dl0/IaHNpOVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QyMYFLse:DUK
                                                      MD5:928ED37DB61C1E98A2831C8C01F6157C
                                                      SHA1:98103C2133EBDA28BE78BFE3E2D81D41924A23EE
                                                      SHA-256:39F6A4DB1BE658D6BAFF643FA05AAE7809139D9665475BFCA10D37DCA3384F21
                                                      SHA-512:F59387BFA914C7DB234161E31AD6075031ACA17AAEF4B8D4F4B95C78C7A6A8D0E64211566CA2FD4549B9DA45231F57A4191FBCD3809404653F86EE2ABD4937A4
                                                      Malicious:false
                                                      Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):360960
                                                      Entropy (8bit):5.358170916431781
                                                      Encrypted:false
                                                      SSDEEP:6144:BNhml+X6KbXvpbTZhr/ZUX139gvlaNso:BNhmb8vpbVhrWX1397N
                                                      MD5:A011E4E8E7502FDFCD1C52A98392FF46
                                                      SHA1:7C3296FB62589AA96FD98322AB7F06D08B91D2B8
                                                      SHA-256:609BC8857B533519F685C40D62946FD27C4A4A0A87F8B05A8A5351FCFB7F5213
                                                      SHA-512:4C46F1B72C2CB34F3C1457EDDAB1EE3D4941CC8DFCDD29100F9C37C8F58D157BA0EFE2B6C8E1ACAB575B1D1247B73523F3273CFC4D5BB3B7DDB0BCA5CB813558
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 8%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Category:dropped
                                                      Size (bytes):281917
                                                      Entropy (8bit):5.436594887642422
                                                      Encrypted:false
                                                      SSDEEP:3072:7Fi6z/VXzAf3ocSzwC6Y5r/ZUx9hF/arYwJEnvADppaNcuu09g4wLjo8G:7xFSuzNhr/ZUX1UDaN19ghfo8G
                                                      MD5:F099D7DFF9C8071C6C24627AF4F43A27
                                                      SHA1:331D5E363FF99A40A80AF0133168D304927E7578
                                                      SHA-256:AF8BC05BE623F8FE6C423E41F84CA86089068D99EDB33824DA7C7DF39C2AB590
                                                      SHA-512:B70EE204949641F93B4343E49A64D3106E3910E7A32E2C25330AD89FE8243880303CC777FCC79AD708BC589A3643090727D28C4FD2817FCF9CB6B5E030B92165
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):875520
                                                      Entropy (8bit):5.621956468920589
                                                      Encrypted:false
                                                      SSDEEP:12288:jsRfnBqqvFXWesd2HiZ9fyn+5FHrvUR1Qnzx7LuQ:jsRITeWAQ5vtu
                                                      MD5:B03C7F6072A0CB1A1D6A92EE7B82705A
                                                      SHA1:6675839C5E266075E7E1812AD8E856A2468274DD
                                                      SHA-256:F561713347544E9D06D30F02A3DFCEC5FE593B38894593AEEDF5700666B35027
                                                      SHA-512:19D6792EB9BA8584B94D0D59E07CE9D1C9C4DA5516490F4ABCE5AE0D7D55B357BDA45B2093B3E9EB9D6858061E9D3F530A6655C4779A50C911501AE23925C566
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1946739
                                                      Entropy (8bit):7.989700491058983
                                                      Encrypted:false
                                                      SSDEEP:49152:fpXzD2VLpS71ycdao6LreGCL/0jJZWOiBiXkbEia9T:xjyFgZ0Lr2/0jJU5BiIEN
                                                      MD5:96AD47D78A70B33158961585D9154ECC
                                                      SHA1:149BF6F6905A76B0CC9E9ACA580357BD6C3497A2
                                                      SHA-256:C861117D1F1DBF02867B46FA87CB8C65C3213D196029EE81A02B617D131236E2
                                                      SHA-512:6A971F742B5754EEF39C6C2C64DB13DFDCB74D8CB23833404E9EF5AD89E142278E5DF789F508DB561C5E957013AE0C60D002CDFA93BCD87CA4967D610DF1579B
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):214119
                                                      Entropy (8bit):7.955451054538398
                                                      Encrypted:false
                                                      SSDEEP:6144:m5S+8U5mtp0ra7rFrJzw95T9OHCZg0Gb0OveGe04mExhLY:mWU5OGUFoqoORehrQ
                                                      MD5:391F512173ECEC14EB5CE31299858DE1
                                                      SHA1:3A5A41A190C1FB682F9D9C84F500FF50308617FC
                                                      SHA-256:E0F5C754C969CCA0AC4594A6F3F2C23D080A09EEA992AF29E19F4291FD1E0B06
                                                      SHA-512:44D7B9BCB3544C3F5550150EF3522BF6A0B36900695E6A13E44F5616E16A058548189D4FEA4A22248B1CB2B273B0EAA7D559EB2D8F013BED520E4097BD45D800
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):290001
                                                      Entropy (8bit):7.9670215100557735
                                                      Encrypted:false
                                                      SSDEEP:6144:tS+8U5mtp0ra7rFriDQYaF+9bQHgs4jTlmOHCZVWGMRe8InVXYopym74:CU5OGUFrfs4gs4jTQ6ebVIo374
                                                      MD5:BF59A047984EAFC79E40B0011ED4116D
                                                      SHA1:DF747125F31F3FF7E3DFE5849F701C3483B32C5E
                                                      SHA-256:CD9BE67AA0527F16E309189FA2369E1A2596D0601A7D55C405F8A619F4D095E9
                                                      SHA-512:85A545758E8C89EF47BF11B553C57D23ED7DA6AE89A8BCCB262F509AABE61A1121C3F87EC9200791F2670225BAEECC3C92AED6AFDA86C08CA0FD611DA2E595D2
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1305142
                                                      Entropy (8bit):7.99463351416358
                                                      Encrypted:true
                                                      SSDEEP:24576:8AkckSbnVLjWG13xdT0b+SLzRYt2k+lbG9EjJNH/osm22O+EcRfPLP:88zVXWG1hdAKSxY4k5EFNHgvPPLP
                                                      MD5:20DDA02AF522924E45223D7262D0E1ED
                                                      SHA1:378E88033A7083AAC24E6CD2144F7BC706F00837
                                                      SHA-256:8448C2BA10A3D7DC8CA3FB24F580BF99D91F746107B1A06E74932749CC1CAB01
                                                      SHA-512:E71320B2AA0CB52938206EC00187D78274646C4C7D3579B33A0163262C063B7813FE7ACD0D2E5807082ADE772069AA577FED7F594964790C2F7C061CE38467B6
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:current ar archive
                                                      Category:dropped
                                                      Size (bytes):87182312
                                                      Entropy (8bit):5.477474753748716
                                                      Encrypted:false
                                                      SSDEEP:196608:v0b1XAJ5V8XYcrfCNJsTtU0ZhdYHbgMnn6d25JOcLRiLnIrBcnK0EAeg1GF:78JaNJyZhdE6383rWEAR8
                                                      MD5:FFD456A85E341D430AFA0C07C1068538
                                                      SHA1:59394310B45F7B2B2882D55ADD9310C692C7144F
                                                      SHA-256:F188B96639B5157E64222BB8483D76CD21A99141FC2614EF275E20639C739264
                                                      SHA-512:EB4CB388383CB37B1D89531D560169985A80DF9335F005AFBBFDE56F9031821A933D735138B1086CF81D006E480FF14711A8A95B3DB8A0FD4037AA6EFD926B50
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):656926
                                                      Entropy (8bit):7.964275415195004
                                                      Encrypted:false
                                                      SSDEEP:12288:fI3Hdjzgsz5B0GDJQrnKs8SNP+QSsSilRBdNze0Vc+gIXgt4z8oO0TehEr7:g397zEEmPLSOdNze05gUgmz8oO0TOW
                                                      MD5:3404DD2B0E63D9418F755430336C7164
                                                      SHA1:0D7D8540FDC056BB741D9BAF2DC7A931C517C471
                                                      SHA-256:0D3FCA7584613EB1A38BAF971A7DD94F70803FC130135885EC675E83D16A4889
                                                      SHA-512:685D63633DB8A57D84225C2B92C92016E1CE98BA2BF8D3DDACE2EB120B3BCF84C718787D59DB6EC61F34CF91CB651500B4E4FF0AC37AEB89561CDCC586946C80
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1017158
                                                      Entropy (8bit):7.951759131641406
                                                      Encrypted:false
                                                      SSDEEP:24576:m3Tl5zLmmibkFR8+mZRUumegvQtc05UwvdAbatzk6edhOLoe9:m3Tl53mNbkFRJmHURhQW05JvdlzkjrOH
                                                      MD5:3FBF52922588A52245DC927BCC36DBB3
                                                      SHA1:EF3C463C707A919876BF17C3E1CD05C0D2C28CA9
                                                      SHA-256:C6FE346106C5E4950161ED72EB0A81FE3537A94E4A59461AAF54E750D1904F76
                                                      SHA-512:682EB6D61B564C878FDB971A6439FCDA9F1E108BD021A32E8990B68B1338986A4866A0965DEA62567501C8826D43CEBF2B7C8BE8323DE415A75E8D89A9D592E7
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):1174528
                                                      Entropy (8bit):6.475826085865088
                                                      Encrypted:false
                                                      SSDEEP:24576:I3lp87thPKuxyj+tWF8lCwOvzr90p5OM3:FauY+tWF8b5OM3
                                                      MD5:207AC4BE98A6A5A72BE027E0A9904462
                                                      SHA1:D58D2C70EA0656D81C627D424F8F4EFCCEF57C86
                                                      SHA-256:2BA904DA93ACC4766639E7018AC93CC32AA685DB475F3A59B464C6BC8B981457
                                                      SHA-512:BFB6C58774829DB3D5FADC92CB51477FF4EAC8FB934DB6583A312BB1157468F6DD3A4A3AFAF25A687B74890DC8A69857A12D0B38B18D83E82836E92E02046FF3
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2106216
                                                      Entropy (8bit):6.4563314852745375
                                                      Encrypted:false
                                                      SSDEEP:49152:DpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Akb:H3P9HP6Zpy9KyhMI50Du8LljslNsyHiS
                                                      MD5:1C9B45E87528B8BB8CFA884EA0099A85
                                                      SHA1:98BE17E1D324790A5B206E1EA1CC4E64FBE21240
                                                      SHA-256:2F23182EC6F4889397AC4BF03D62536136C5BDBA825C7D2C4EF08C827F3A8A1C
                                                      SHA-512:B76D780810E8617B80331B4AD56E9C753652AF2E55B66795F7A7D67D6AFCEC5EF00D120D9B2C64126309076D8169239A721AE8B34784B639B3A3E2BF50D6EE34
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):4127200
                                                      Entropy (8bit):6.577665867424953
                                                      Encrypted:false
                                                      SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                      MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                      SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                      SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                      SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2205743
                                                      Entropy (8bit):7.923318114432295
                                                      Encrypted:false
                                                      SSDEEP:49152:qHlbrhXKMVp/DVegxF2Xe1WFG4F3KMWB7rwz3yY+23:qFnhXKwggr0cWEgaMi7rwrw23
                                                      MD5:54D4E14BFF05C268248CAB2EEDFB61DD
                                                      SHA1:33AF472176F6E5FB821FFE23C9FBCCC7C735B5B9
                                                      SHA-256:2CAC401BFFA9FD4DFFE11E05EE18FC5CA7A30EC5BF7EF6A3EA8518A4F3344790
                                                      SHA-512:5A6893E7EA30EAA0EFF44687B0D15366A8224E476E4AE8FE0D5C7EF2B3C62E6B0184F73EAD36C4E4E08D6936524CEF8429660B3EC29453EED128E3C5368CE78C
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):10717392
                                                      Entropy (8bit):6.282534560973548
                                                      Encrypted:false
                                                      SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                      MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                      SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                      SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                      SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                      Malicious:false
                                                      Preview:CmnD ... Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):377856
                                                      Entropy (8bit):6.602916265542373
                                                      Encrypted:false
                                                      SSDEEP:6144:oJ4tr7XVkL/2qBCOeRMIKVpqtXmzKwdo23zqyU73omBT095OiZH:2NfBCOeR/KVpqtio23zqyOsOo
                                                      MD5:8BC03B20348D4FEBE6AEDAA32AFBBF47
                                                      SHA1:B1843C83808D9C8FBA32181CD3A033C66648C685
                                                      SHA-256:CBEE7AC19C7DCCCA15581BD5C6AD037A35820DDFE7C64E50792292F3F2E391E6
                                                      SHA-512:3F9EEC2C75D2A2684C5B278A47FB0E78B57F4F11591FAC4F61DE929F716BBAA8F7DF05E10390408AD6628538611541548C26869822372E9C38D2C9C43881651E
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):6635008
                                                      Entropy (8bit):6.832077162910607
                                                      Encrypted:false
                                                      SSDEEP:196608:HrmMLEFtac5bM68f8Oi3WjH13GzSW3430aTwQCe:a+ktad68f8Oi3oH13GztokaTwbe
                                                      MD5:63988D35D7AB96823B5403BE3C110F7F
                                                      SHA1:8CC4D3F4D2F1A2285535706961A26D02595AF55C
                                                      SHA-256:E03606B05EEAED4D567EA0412350721C0D566B3096B18C23BD0B3FCDE239E45A
                                                      SHA-512:D5F5ACA00BE9E875FCD61531CC7F04F520FB12999E36E4FE06BEAAE491B47D2E9FE182015DB1CBFBB8E78CF679F2EB49E20ECDF1B16D1D42058D6F2D91BC3359
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):176517632
                                                      Entropy (8bit):7.025874989859836
                                                      Encrypted:false
                                                      SSDEEP:1572864:VSuR7JVHywK/Sf1rWID4Pu2v8zgguHWJEqM90Hw4DclJkBLrWXmfnehuWNIPKtlL:MCYRNIPKYTFBhfmOS9KBaVz
                                                      MD5:F5259CC7721CA2BCC8AC97B76B1D3C7A
                                                      SHA1:C2FC0C8396D8CD6764809A2A592972E2EBCA64BA
                                                      SHA-256:3FE6A262EF01CB8FD4DC2D4373DE0F1F0A89EE51953452ED4557CB55F1DA9AB4
                                                      SHA-512:2D01B1F2B24717EFF37965BBC32D167434A65F3DFFF74342D2E2FA8FBB0E97C3F61FDF673A13AD63031D630D9CE46A6F9F0C4F89EBD30C31F3EA55817B9D1331
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:current ar archive
                                                      Category:dropped
                                                      Size (bytes):40258
                                                      Entropy (8bit):4.547436244061504
                                                      Encrypted:false
                                                      SSDEEP:384:EDDktao110LafOv9YObvWKH0Nd4wM5gqJ/xqFeRinM68BifLUsOgC7EYo:gDkP10LafOR5gmqFSinF8BsYo
                                                      MD5:310744A0E10BD9C2C6F50C525E4447F9
                                                      SHA1:9BA62D6AC2CB8EFF46C9B21051677FC1DC66D718
                                                      SHA-256:E9C55CFF925E26812139CDCAD6612E0D69E317CB7BB1435C9EB5113D338ACCE7
                                                      SHA-512:6DF9E3F9AFD7CDEC750B006987E5AEC445E163DD0B9CF1A9EA53F78DB2EE5FD654E3B4F82BCA3E1F4BEDB189F5DFA51189C820905676AD048DBE2E0AD405BF5B
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):470498
                                                      Entropy (8bit):5.409080468053459
                                                      Encrypted:false
                                                      SSDEEP:12288:5Qs+yrck0o+wZiSMKVQ2uM2Z12JynA7PIZ+sdgSTCSQ2fs37KQOb5t/tn6AmHiKL:5n+yrck0ofMSMaTuM2Z12JynA7PIZ+se
                                                      MD5:64F46DC20A140F2FA3D4677E7CD85DD1
                                                      SHA1:5A4102E3E34C1360F833507A48E61DFD31707377
                                                      SHA-256:BA5CA0A98E873799A20FD0DF39FDB55AAB140E3CC6021E0B597C04CCE534246D
                                                      SHA-512:F7D789427316595764C99B00AF0EF1861204F74B33F9FAB0450F670CB56290C92BFB06EF7D1D3B3BF0B6ACDC6295E77F842C49579BD9973E3D5805920CDB2527
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):763010
                                                      Entropy (8bit):4.909167677028143
                                                      Encrypted:false
                                                      SSDEEP:12288:1Qw5lCtXTZou7fVIx2TERZ3ej56NNzLY5+9FQVrBO0PCx30jH8+F:1QACtXTZlVIxJRZuj56NNzLY5+9FQVrr
                                                      MD5:3B0D0F3EC195A0796A6E2FAB0C282BFB
                                                      SHA1:6FCFCD102DE06A0095584A0186BD307AA49E49BD
                                                      SHA-256:F9F620F599BC00E84A9826948C3DA985AC9ADB7A6FFB4C6E4FBEFEAF6A94CF85
                                                      SHA-512:CA9217F22C52EF44E4F25142D1AD5DD9D16E4CCC3B6641609E1F4C2650944E35BA4CAB59CA5CD9EA6FEFD6BE1D3E8227FC0E3E6BDEDD14B059CA2C72D096D836
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):838413
                                                      Entropy (8bit):4.920788245468804
                                                      Encrypted:false
                                                      SSDEEP:12288:izbA8VvnwBkh5/N/REWH4gzWvwU5Bwikcb56NiN+o2qeTk:UjERl51+K
                                                      MD5:C70B71B05A8CA5B8243C951B96D67453
                                                      SHA1:DEED73A89F0B3EDAB8FF74117CC6B31CB4F426E8
                                                      SHA-256:5E0D4BC0893A334B6FFF610F66E4A00920530D73EC3257EB9D37A96EBD555C13
                                                      SHA-512:E000FD3592AC5FE700C4CE117868915C066AC66D5954A1DE4F5AFF0F4559C93F7DFF47623F1837CE827FFF94E91ECD89A974037BE9CCCC8E672E229A1E8115E9
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):869469
                                                      Entropy (8bit):4.677916300869337
                                                      Encrypted:false
                                                      SSDEEP:24576:BSLV0eChsqfaElYMdAs1axUjHh373ZI93aAK5kVDgQwRunpKd2ao5JJqueRSQQFc:BmSeChsqfaElYtUjHh373Zi3a1kVDgQS
                                                      MD5:12A9400F521EC1D3975257B2061F5790
                                                      SHA1:100EA691E0C53B240C72EAEC15C84A686E808067
                                                      SHA-256:B7FD85B33B69D7B50F6C3FDC4D48070E8D853C255F2711EEDAA40D1BA835F993
                                                      SHA-512:31EAA1CBF13BC711750B257C6B75813ACC8E4E04E9262815E399A88B96BA7B5BE64CE2450638B5521D5CB36750C64848944168C3234D2CE15A7E3E844A1E1667
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1118348
                                                      Entropy (8bit):4.2989199535081895
                                                      Encrypted:false
                                                      SSDEEP:3072:V2rCcsPp3UbQ7792UA7pHFEadKZ0ZfQ0/QeIyTt7ukkBBbpUDDM51biXlau:V2rCcsPB2eJRApG2Iyp7ubBbf5ElP
                                                      MD5:89A24AF99D5592AB8964B701F13E1706
                                                      SHA1:2177122C6DCC20E1D07EF43AF5A112E8E5C6B95B
                                                      SHA-256:5BDBBCD0D07B6AE3A7F96F07871EE541F4111D90D73FD6E112C5ABE040025C96
                                                      SHA-512:60F6CD73BF35886EF54FA6200F86BCED78DD11F612C8071F63EB31108F109C166D45609879E8E5107024A025BAFCFCF1C80051B6D8FF650D92DCF17136384EB1
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):537139
                                                      Entropy (8bit):5.397688491907634
                                                      Encrypted:false
                                                      SSDEEP:12288:RZZsIQ87TcELygV3z5PAF4N3Mw2juwHzejm0t3lvq8E9oCRaIs3cmlLEY2CJLLyG:vqH4V8R2A9lMN4MZRg5u5dq8
                                                      MD5:37B54705BD9620E69E7E9305CDFAC7AB
                                                      SHA1:D9059289D5A4CAB287F1F877470605ED6BBDA2C8
                                                      SHA-256:98B2B599C57675EFC1456B38B23CE5657B142E0547F89AB1530870652C8EB4BA
                                                      SHA-512:42D667FEB59BB5FA619AC43DC94629ED1157CBE602643FB21378A2C524EF1F6E32098E7C62D3F3DE35D9FEDEF6607FE034908601AE3C49156CD0916E2514D2F9
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):545011
                                                      Entropy (8bit):5.844949195905198
                                                      Encrypted:false
                                                      SSDEEP:12288:yW0j+bk/1ryvoP5QW5FK8VtDNOQ3SCmPA:blI1uvoR95FK8VnObCmPA
                                                      MD5:65A2C2A73232AB1073E44E0FB6310A5F
                                                      SHA1:F3158AA527538819C93F57E2C778198A94416C98
                                                      SHA-256:E9A1610AFFCA9F69CD651C8D2EDD71B5A0F82CB3910A8A9D783F68E701DB5BB0
                                                      SHA-512:20ED527F3BBBA2CECE03D7B251B19D6DCC9D345B5425291D8139FCDD5646EC34D585891160CC4BD96C668D18FFFFDD56F4D159880CFC0D538749F429F7F65512
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):496165
                                                      Entropy (8bit):5.446061543230436
                                                      Encrypted:false
                                                      SSDEEP:6144:uH+pwMYDA3cPzVWwqV5cU3HVEs7avwlTwUJwa7obRR2vJub5iNraBDUd4vTGqfwB:ueCFDccAzHza0QR5KraTpO
                                                      MD5:A44EC6AAA456A6129FD820CA75E968BE
                                                      SHA1:9B5B17AFD57ADB8513D2DA9A72223E8A003975A5
                                                      SHA-256:F01F9C3E4E6204425F2969F77BF6241D1111CE86CDD169BDF27E5D2D4B86C91A
                                                      SHA-512:947DB81EA64009CC301CD2DCE06384202E56446F6D75E62390334B91D09B564CB0681E06BF7A945033BD6C28C2171346A91EE16693262C4E373A31B51AD42A9E
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):534726
                                                      Entropy (8bit):5.49306456316532
                                                      Encrypted:false
                                                      SSDEEP:6144:DHU4lkHqzOxl5bARnY43K7Up7aD3gXra/nOdaIyRL3AnO1a265iM5CRQmTzMRQIz:L5l+qCx4e43K7UpugbaPotwS5Cmv4CYe
                                                      MD5:49CA708EBB7A4913C36F7461F094886B
                                                      SHA1:13A6B5E8DC8B4DF7A976A0859684DC0AA70F1B12
                                                      SHA-256:8AE7D6B77C51A4FE67459860ABDAE463F10766FAF2BA54F2BB85FD9E859D2324
                                                      SHA-512:6908F96BFDF7499B33E76697AA96103E89ACB3E25EDBD6156B610564AF14D4ED474C547A760503490B6327A801478E223039836BEEF2B938AF76827A15C0F751
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):950999
                                                      Entropy (8bit):4.76377388695373
                                                      Encrypted:false
                                                      SSDEEP:24576:aYcXPdGgx11hxi9c9N+JXDsSYSmqHMuD2fpoLwj3BAVH8+Vdc7tNDQo3sEtf2otu:aYcXPdGgx11hxi9c9N+JXDsSYSmqHND9
                                                      MD5:9CBC320E39CFF7C29F61BD367C0BF3BB
                                                      SHA1:2AF07EFFF54A0CF916CF1C0A657F7B7ADF2029FF
                                                      SHA-256:E8837DEFA908EB2FD8B4EB6344412C93403A4258F75EC63A69547EB06A8E53B3
                                                      SHA-512:F7D84185F4520E7AAF3F3CACF38B53E9638BB7D5023FA244020EC8D141FFD5C10B198FF089824D69671FE8350F931B0BB19B6CAF14AF47B0838953367A146DD0
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):430665
                                                      Entropy (8bit):5.517246002357965
                                                      Encrypted:false
                                                      SSDEEP:6144:i+r1EvWwB7qlh7bcMP9eBT/LfaY1+/845qlSBBE0RbPB:i+2dFugMeT/7o54SjB
                                                      MD5:0F1E2BC597771A8DB11D1D3AC59B84F3
                                                      SHA1:C1F782C550AC733852C6BED9AD62AB79FC004049
                                                      SHA-256:E4798E5FF84069C3BFD7D64734CCD9FF5C8A606315B44A714ACDCABDDAF3CA6E
                                                      SHA-512:07E9B98357C880995576059AD4E91E0F145DC0F2FFF2DFDAD8649FA42EB46FA86F7F093503C41019EAD4550784E26C553D171518355FBBF995E38B1F6D7ABFF0
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):434598
                                                      Entropy (8bit):5.509004494756697
                                                      Encrypted:false
                                                      SSDEEP:6144:7nI68aw+/9meyTMP9eLX9ifaY3yzq5OJSMn0F/lFRwj:7nzbIMAX9cj5GShRwj
                                                      MD5:FEAB603B4C7520CCFA84D48B243B1EC0
                                                      SHA1:E04138F1C2928D8EECE6037025B4DA2995F13CB4
                                                      SHA-256:C5B8FBDBB26F390A921DCACC546715F5CC5021CD7C132FD77D8A1562758F21F4
                                                      SHA-512:E6B3970A46D87BFD59E23743B624DA8116D0E1A9912D014557C38FD2664F513E56317AFA536DF52E7E703863FBD92136BE57EE759A2FFC2958AB028F6287E8B7
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):524728
                                                      Entropy (8bit):5.377464936206393
                                                      Encrypted:false
                                                      SSDEEP:6144:PNCz1pZTuB8WGz7iOXIp5YRmB5qLFA9IMWm+Q:P0z1LsCmpXB54FTbQ
                                                      MD5:32A59B6D9C8CA99FBD77CAA2F586509A
                                                      SHA1:7E8356D940D4D4CC2E673460483656915AA59893
                                                      SHA-256:AA4A5AA83DD5F8476867005844F54664DB1F5464A855EF47EC3A821DAF08E8F2
                                                      SHA-512:860BA06228BBA31EEC7EB8BD437DDB6E93BABD0129033FB6EFF168F2FB01B54E2B93D2AB50A5D4F5D2FB7B04A5D0DD5541999D708CC2613B74AADD17B3E98735
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):523181
                                                      Entropy (8bit):5.356449408331279
                                                      Encrypted:false
                                                      SSDEEP:6144:U9Fif228l1GmDS12LhMD3RgDEqpF+Eey1w4Fj05dlrIbosZ86PZHk8jHq:YnymDZqDMnp6y1wEj05frQosRK
                                                      MD5:3D1720FE1D801D54420438A54CBE1547
                                                      SHA1:8B1B0735AE0E473858C59C54111697609831D65A
                                                      SHA-256:AE32D66C0329104B9624BA0811FE79149D1680D28299440EC85835DBA41C7BD2
                                                      SHA-512:C033BBB5261EC114DCB076EDB5E4B3293F37D60C813674A947F996606A6289204C04D2E4315356D92EEEB43FF41D534997DBEBBF960B17F2F24AA731AFE4B7E1
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):475733
                                                      Entropy (8bit):5.456553040437113
                                                      Encrypted:false
                                                      SSDEEP:6144:iX3+xmSYCSnKJ1ONRCOeP+DEmThFC0jmFohW4xSpY0lgtim0DM53j0437PZCfLaQ:W5SZSvrewtHmFoh69M53jq5
                                                      MD5:C00D66D3FD4FD9D777949E2F115F11FB
                                                      SHA1:A8EAAD96CABCDFB7987AF56CB53FA5E16143EC48
                                                      SHA-256:26C438935E3F666329EE8D1DABA66B39179BCF26EBAC902F9B957A784BDC9B4A
                                                      SHA-512:E7E8C083B556DD05874AC669B58A4D1CD05D1E1B771EB4C32942869E387C6FA2B317B5F489138BD90135117DAEB051D96A7823B531DF0303BD4245A036F25A20
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):773397
                                                      Entropy (8bit):5.04618630633187
                                                      Encrypted:false
                                                      SSDEEP:12288:Rpf0JNE8u313uyqoe+srXcfqEdvRmXzoT4WmdAQifaQ2XxFvGk62BtMX9OxRdpxL:RN4E8u313uyqoe+sEqIvRmXzoT4WmdA+
                                                      MD5:C998140F7970B81117B073A87430A748
                                                      SHA1:8A6662C3AABDAC68083A4D00862205689008110C
                                                      SHA-256:182F18E4EFCA13CA59AFD1DF2A49B09733449D42526EE4700B11A9C5E6AAC357
                                                      SHA-512:5A947A44F674F9556FDD44D2E4FF8CF0E0AAC4475FFA12480CA1BD07CFE7514961B7CACE6760189432B4B4BEB5EA5816701158EB3CB827A806F3063853C46D5E
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):483378
                                                      Entropy (8bit):5.428549632880935
                                                      Encrypted:false
                                                      SSDEEP:6144:0gE19jr//8e36LTFh20RJrDs6TIOEysaIuLL5yYWyHrE5WacvkoPWmMWO4AMBXH+:0F19f/r5pa35yYdHrE5WaVpoYD
                                                      MD5:1CFD31A6B740D95E4D5D53432743EBF1
                                                      SHA1:20CEEEA204150BD2F7AAE5866C09A3B0AE72D4C5
                                                      SHA-256:F821E06B4BACD9E7660A2D6912A049591FFD56C6D2A0A29B914648589B17B615
                                                      SHA-512:C483B7347F91BE8EE515DCF352A1D7502B9A159EDE35EACCEBAA763B93A625BCE2D0C7D598C2A6111092257D6DAC7A167102E956697210D4694B9812D70C8A94
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):546749
                                                      Entropy (8bit):5.197094281578282
                                                      Encrypted:false
                                                      SSDEEP:6144:9yXQPElrGUyaX3CC6tD/ty3DQZIbY0eiWFevNnGFZ338mC54Vmj68AR8q0:jPGrGUyaXCo0hn7C5CmF
                                                      MD5:6EDA0CD3C7D513AAB9856EC504C7D16F
                                                      SHA1:BA24C4B994E7866F2C012CCEC6C22DFC1A4FCFF6
                                                      SHA-256:3CD2BC9E887663C5E093E0334BC60CF684655A815E3DE7AD9A34BAD5EBB858B1
                                                      SHA-512:47000F5EA882CB9EDDCF4FB42ED229423EE55AA18B4A4353D7EF85ADFA7E1B0BBB33C2469887224D7146B3E33FB2296749CD053D68D7DAF26980BC710A27C63E
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):568277
                                                      Entropy (8bit):5.380723339968972
                                                      Encrypted:false
                                                      SSDEEP:12288:jAnyjhCfqwFZLiQphDDq6QuaMV5wKzQOtX1Z/MYnYtYAXfyzku5Qx0JSWkv40wC9:DwfKsV0v5Dv
                                                      MD5:D185162DF4CAC9DCE7D70926099D1CF1
                                                      SHA1:46594ADB3FC06A090675CA48FFA943E299874BBD
                                                      SHA-256:E40C07183A32B75930242F166C5AAE28F4CD769BB2268391BEAA241814E7D45A
                                                      SHA-512:987D9CC6AD5F2ED6A87537FDADF105F6EB31A97B11156E70814FE021047E5D8D08398F008812038DF3CCDCB6254BF5B744D9982FE04F79D407AC2F53BB046E25
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1103776
                                                      Entropy (8bit):4.336526106451521
                                                      Encrypted:false
                                                      SSDEEP:3072:jcdEyVvWvQsIHIwjAwREJKVMjNiT7llj63rhJWlPvpMi5eQWiYJ+WR6/GQoy2zE4:jcdRW7ca43WP5fahqHRT
                                                      MD5:44F704DB17F0203FA5195DC4572C946C
                                                      SHA1:205CBCC20ADCCCF40E80AA53272FBA8CD07389CA
                                                      SHA-256:4B073F08F0C8C035974B5EC43AA500F8BDD50E6CFE91A2FB972A39E0F15ECEDD
                                                      SHA-512:3CFD4501556845141EE9B461C831CA59779AD99F0E83E8D03433DE78D774378E87DE752DD9711C112A0C584259AD1DA6DC891D92F3F447F63A4D84263CD5BFCE
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):681555
                                                      Entropy (8bit):4.658620623200349
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1167065
                                                      Entropy (8bit):4.308980564019689
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):526575
                                                      Entropy (8bit):5.518614920030561
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):566819
                                                      Entropy (8bit):5.6387082185760935
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):466959
                                                      Entropy (8bit):5.379636778781472
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):522800
                                                      Entropy (8bit):5.284113957149261
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):634636
                                                      Entropy (8bit):5.718480148171718
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1256908
                                                      Entropy (8bit):4.247594585839553
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):532715
                                                      Entropy (8bit):6.0824169765918725
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):573015
                                                      Entropy (8bit):5.63016577624216
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):570683
                                                      Entropy (8bit):5.624052036286866
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1307271
                                                      Entropy (8bit):4.279854356980692
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1075591
                                                      Entropy (8bit):4.313573412022857
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):489457
                                                      Entropy (8bit):5.250540323172458
                                                      Encrypted:false
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):476208
                                                      Entropy (8bit):5.4272499712806965
                                                      Encrypted:false
                                                      SSDEEP:12288:tWg5xWMIiM/YAwOp7fUB4a+O5/v4xizdvn:lTWJiBaa+O5X4kzx
                                                      MD5:622ED80836E0EF3F949ED8A379CBE6DF
                                                      SHA1:9A94CD80E747B88582470EF49B7337B9E5DE6C28
                                                      SHA-256:560B2F09C1B6E6BB7E6A5A5F9BF85A88BD2ACA054B7D4A5955D9C91B6D7CA67C
                                                      SHA-512:950627E74180E1451BB35AE4A7416AC14D42D67BBBB59DC51D7B69E4CEB61715F8F9B0EB9D7F35FCEFD4D43FABE5CE2103F1AF3709CAE6733C25AC19E6339A83
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):491139
                                                      Entropy (8bit):5.362822162782947
                                                      Encrypted:false
                                                      SSDEEP:6144:v+rgHaGglVZ5Rb23gihngHh9gog5CHLp7hh45Pt8xcGpF9u+59OTD:2sy/5Rkagog5OR45Pt8xcGpF9uMOTD
                                                      MD5:C8378A81039DB6943F97286CC8C629F1
                                                      SHA1:758D9AB331C394709F097361612C6D44BDE4E8FE
                                                      SHA-256:318FB294CE025BDA7636B062CA7B6A1FB1E30C485D01856159CB5DB928782818
                                                      SHA-512:6687FFE4DE0D5A2314743EB3134096292724163D4E0332D2F47922B4807B0CDE7C20E2D57D2662E403D801BC7A20BC247F5D0EDD787AB650E5766B49AF7D3C63
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):550453
                                                      Entropy (8bit):5.757462673735937
                                                      Encrypted:false
                                                      SSDEEP:12288:ilOHODZWoOB/ohU/FmXgvh6HA7b0mPeCUd0e3mPUbEmw1QhWRH5RbL4fqhx:ilOHcntp01Qhc5BH
                                                      MD5:80C5893068C1D6CE9AEF23525ECAD83C
                                                      SHA1:A2A7ADEE70503771483A2500786BF0D707B3DF6B
                                                      SHA-256:0069648995532EFD5E8D01CC6F7DD75BD6D072E86C3AE06791088A1A9B6DACC4
                                                      SHA-512:3D1C41A851E1CF7247539B196AD7D8EE909B4F47C3CFB5BA5166D82CDA1C38049B81A109C23FA6D887490E42EE587CC2A6BD96A3EA890267C089AC74710C755F
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):516256
                                                      Entropy (8bit):5.426294949123783
                                                      Encrypted:false
                                                      SSDEEP:6144:1UhHzMCHTKZbciymNBXBL29RlMyE156UJuKbjsRhk8HR:1iTMCHepyy5BJrsRK8x
                                                      MD5:3BA426E91C34E1C33F13912974835F7D
                                                      SHA1:467A1B05BAD23252A08EE22E6B9EBB4404F6A0F0
                                                      SHA-256:CB66D88D3B3938FE1E42C50ECB85CEDB0D57E0F0AB2FA2A5FC0E4CDEA640E2B7
                                                      SHA-512:824A4301DC4D935FF34CE88FAA0354440FC1A3A8E79B0F4B0B2DCC8F12542ECEF65828FB930EDF5B35BF16863296BBAE39E9306962B4D3CFA9F6495AC05BDEF4
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):518861
                                                      Entropy (8bit):5.4029194034596575
                                                      Encrypted:false
                                                      SSDEEP:6144:duLNFZMWdTu4PJzwfieJVJJxhofzlCOfVY35WKfmSRtG:dIFOQu4Ru35WK+SRI
                                                      MD5:4D7D724BE592BD0280ED28388EAA8D43
                                                      SHA1:8E3C46B77639EB480A90AD27383FBB14C4176960
                                                      SHA-256:4724D82866C0A693C2B02D1FFA67D880B59CDB0D3334317B34EC0C91C3D3E2A2
                                                      SHA-512:D05388F66C50E039F7D3393515740F6B2593F9C0EF8651F9CDE910C5FF06656E0D22FDB066B22665289EE495837EA16CC085ECB3F85B0F6FB498AECDAA19ADF7
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):537125
                                                      Entropy (8bit):5.4566742297332596
                                                      Encrypted:false
                                                      SSDEEP:6144:OM7ZImGlQNYzdJu7XTLH/7FSmoixefinKdoGN5QBo4s2e/umOz:OM7umbN887XTLjFSmoEeqKdN5ooD/iz
                                                      MD5:4F1C0A8632218F6FEF6BAB0917BEB84F
                                                      SHA1:05E497C8525CB1ADE6A0DAEFE09370EC45176E35
                                                      SHA-256:9C19835F237B1427000D72C93703311CFCBEFF6C2B709474B16DB93E629BC928
                                                      SHA-512:A7CDF94F79CD888BB81FD167F6B09BF1BEF2C749218869E5A12A0A3B2C2506D1A63F64B63D8E48EA49375636041C639082563BF9D526FE44003FC5A5E8D50E9D
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):878725
                                                      Entropy (8bit):4.848685093578222
                                                      Encrypted:false
                                                      SSDEEP:12288:tIoWrxfQjRo4YK7yMhNKgNzJ9fx+aAka2qSGsN8zqcnYH8eXN2hPO3j/zpbzvMwD:t5W2hM5a6Ev
                                                      MD5:3A3D0D865A78399306924D3ED058274E
                                                      SHA1:AA1A42DB6021666B2297A65094D29978792CE29B
                                                      SHA-256:EAB4C32FEBE084CC7A3A272CDA008B69D6617ED6D042376B0316BE185B9E66FE
                                                      SHA-512:ACA8C87D0B2BB35A325726F7774F8A0232B99C8EFE0F948AB68210958E23B95E9D9026A9430D96FC2D5CEBA94815F4217896EF877C9A6E1D0E56F73533FB1D12
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):553886
                                                      Entropy (8bit):5.812150703289796
                                                      Encrypted:false
                                                      SSDEEP:12288:qYdqsGk2Rswyzir+e/5ybvfLe3HXLPxt9B:qYdqshwyk/5WLOlt/
                                                      MD5:A9656846F66A36BB399B65F7B702B47D
                                                      SHA1:4B2D6B391C7C2B376534C0AF9AA6779755B4B74E
                                                      SHA-256:02B65F48375911C821786D91698E31D908A4C0F5F4F1460DE29980A71124480E
                                                      SHA-512:7E23CAA89FF80BF799AC5353CEAF344CBED0393F23D15FCBE8DC24EE55757F417CEA3BFC30889FD2CB41951F9FA5629C2E64B46DD9617D4A85EFEF0A255246F6
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):532410
                                                      Entropy (8bit):5.486224954097277
                                                      Encrypted:false
                                                      SSDEEP:6144:xh5Gk07QLr32zTMCB29i2iM8nnbrNjSdum4ocyxPbPD+DgpvubVmavfDszt55J36:xzqroCB2T+cM+p5XLcaJHjcGi/fzICqU
                                                      MD5:BE49BB186EF62F55E27FF6B5FD5933F4
                                                      SHA1:84CFD05C52A09B4E6FA62ADCAF71585538CF688E
                                                      SHA-256:833F2E1B13381AA874E90B747931945B1637E53F2396A7409CCDA0A19CBE7A84
                                                      SHA-512:1808631559D3C28589D3F5A4B95554CEBC342DE3D71B05DDC213F34851BF802967BFFAC3D7668C487265EE245D1E26EFCE5D317EDBFBBEEB4BC2C9F122980585
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):818089
                                                      Entropy (8bit):4.779985663253385
                                                      Encrypted:false
                                                      SSDEEP:12288:2wXfBMlzA74ddLYbeHIdN4SGdEzWeUnLYA1785f91Mxix9d8G37gjeAS/k//:7BMl1+kx85ox8Y
                                                      MD5:AFA2DFBA3BD71FE0307BFFB647CDCD98
                                                      SHA1:CD7A5C54246E891981AEEEAA88D39EC9E3F2C594
                                                      SHA-256:1375353837629A20102C69BF62701EE5401BED84D3DC4845BED5EE43E4D322CF
                                                      SHA-512:CE8BBBDDC33CB6B8DF4AEE127A8987E6D8C1D0761AC5BD25D685310BAA2D377F239BDF06F2C04B54295CF8FD440697A69A040644D5A7C0395C4F71A0252B8E87
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):479512
                                                      Entropy (8bit):5.541069475898216
                                                      Encrypted:false
                                                      SSDEEP:6144:nCOvlCAE5I3POziaLh11OBIrknaI4FwxgufNfhn4RFcmi8G96iMjSOwDE/xWcqVM:nCONCAUIONwIrJFav5A5Gcb
                                                      MD5:09592A0D35100CD9707C278C9FFC7618
                                                      SHA1:B23EEF11D7521721A7D6742202209E4FE0539566
                                                      SHA-256:9C080A2F6D4EDF0E2E94F78550B9DB59ADF5B1B9166DE2BAE496E6ABB6733304
                                                      SHA-512:E0760B3F227A3E7EAEB4816B8E02BEE51C62730D24403724D66B36BCCBC0BDCD56DF9EAB28B073AB727EE12C8856A858E52A9803E1A1C9164FCD3CF2F716D8AF
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):504856
                                                      Entropy (8bit):5.34516819438501
                                                      Encrypted:false
                                                      SSDEEP:12288:77eon/zb9IzbIcvt5cuCERdyU7bQg8Wo67pJ8zvgu35Agb95H4sKPe/Bruf+:Go/z2z853z
                                                      MD5:9E038A0D222055FED6F1883992DCA5A8
                                                      SHA1:8FA17648492D7F093F89E8E98BF29C3725E3B4B5
                                                      SHA-256:DDCA575D659545D80E715EB4176BBBBFBD3F75E24B223537B53740B0DCB282BD
                                                      SHA-512:FB70F97E08191DFEB18E8F1A09A3AB61687E326265B1349AB2EFF5055F57E177A496BF0EA3592B61C71FE1F73C9143CA1495B05226F36EB481024827CAE6DCC4
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1298313
                                                      Entropy (8bit):4.058495187693592
                                                      Encrypted:false
                                                      SSDEEP:6144:DyM7zFIW2Yt1s6Tyk0vh54P50zxtR1cA25tm1vYpiMyS:DyEFN2wTTwzy50zzcA25tm1vYpiMyS
                                                      MD5:36104CB0D5E26E0BBB313E529C14F4B4
                                                      SHA1:69A509DEE8419DA719DCF6DE78BFE0A6737508C5
                                                      SHA-256:DC28C869A143424F71EDCFDB08B56DA31C2EC96E9D608535FFA7DC0B0842B7D8
                                                      SHA-512:D46ED1AA19EB298BC4C3D61EFC28D80753D6B551F01808E6158A0869FAAE8755DF61D4B4BAFF1310DD09FCFC385ABA67E1AA7D61BBE399DF7BB2D483EBE0FEFF
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1199612
                                                      Entropy (8bit):4.314031920337284
                                                      Encrypted:false
                                                      SSDEEP:12288:m/ai7McKNkCRWtgd49+agb0DQWp5Bi3p1Fm6OiTlC2pFg+NFqPZrOIoXAofQARG+:YNG35IMm4
                                                      MD5:98714389748A98ECC536CD2F17859BDF
                                                      SHA1:07761AA31588F30C2CED4A1E31FE99DDC43A5E8D
                                                      SHA-256:8A81B1A5457407E49D6372677938E7A2D28DFCA69F555FEDC8A2C9C09C333A65
                                                      SHA-512:38CC4F064BD874EEC9DBFAB4C2A83A487FBCD89CEFB40BE4213C42231BC48AF9255341C9D325EE059BC50EE533898C5FA22CD3B3927A8E045049DEF3C5DFB2C6
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1008989
                                                      Entropy (8bit):4.356501290091745
                                                      Encrypted:false
                                                      SSDEEP:12288:h4aFlPACsN9LyZYA2T6z1L/LLftDjsAnILwgv1V5UBGsL3fBj8BlzEdq3Ro9lGdg:KexAI+515I
                                                      MD5:56F29DE3465795E781A52FCF736BBE08
                                                      SHA1:EAA406E5ED938468760A29D18C8C3F16CF142472
                                                      SHA-256:529C561747BF8B6206BE4F8BCF287A1D15E1B14A33113242DDAD5E035CA37BE6
                                                      SHA-512:519B5B3CC7032B2AF856456EEC25019B3A6A7F2A6DB7A0318CF87C41E08C6F6BFA73E239939B0DA16972C1D357FF06177765D875E19742D23E99A95FD4AC5416
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):515329
                                                      Entropy (8bit):5.616482888977033
                                                      Encrypted:false
                                                      SSDEEP:6144:j7ECvtm4HeFQmOMquxFX50LZhRjCqQOdspXHG4lge+5vk/R+hi1h2vdFAMTwAK5A:PEgfHeWmrqUqCFHGz5vk/g
                                                      MD5:46CA9EE922C3C175DE466066F40B29CE
                                                      SHA1:5563E236A15CD9CC44AE859165DF1E4E722936C7
                                                      SHA-256:BD8B1441FD2057F0B61512CC0AA23DFD2619560CF886B4D453FA7472E7153A3F
                                                      SHA-512:45AA2D6896568751C2F986ABD281EA07CB731880DF8F28F2F0AEFD95736F41B1E005D8DFB6F0AEF0CED6CEF94154D34FD0DA2CB7F0B0C66D9C085F5C47F32605
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):876131
                                                      Entropy (8bit):4.88404350774067
                                                      Encrypted:false
                                                      SSDEEP:12288:bLrZJnRzDcwCfnbz/T0hoaiJI/t58B3IjeAXmESIOujLNiXEqqbTE/z+4uL2uo9:DRaz65QE2
                                                      MD5:1365ABDD1EFB44720EA3975E4A472530
                                                      SHA1:8421FC4905C592EB1269C5D524AA46866D617D3C
                                                      SHA-256:29AB0F7EE69FB7A1E1E54DD2A3746D2CFEAAA71AE5971EE30AA8E2E0F6556FA5
                                                      SHA-512:2E806A9BEA864E689BBD1D78B800DFDBC6E4109320F9A4790E52010BFDEC20C7644655A6FE3BABDE0B84D9580208CB78EF1FA0DB3476F8676C17A13D130296C7
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):765853
                                                      Entropy (8bit):5.17061834928747
                                                      Encrypted:false
                                                      SSDEEP:12288:0efUL84T5HD8P4WuD66yACLUj5A9DPEFYW3KYcQYriwadcJKwUxuvco/9NjjFpvj:0RLBw652W4
                                                      MD5:3FED15E64BEAFBA75DE61B08A45AE106
                                                      SHA1:E24953271D8C0254AD011D3A65B2C2FA57903681
                                                      SHA-256:B6E250C3F4FBAC3AF5FB8BB1C61CACAD8685D7F2A97063DE23BC22E91B7F2E27
                                                      SHA-512:3948D080135AFEB240815D43F7B5B8D407BA2830FF701D9B8343F2A72E610827EDAAB643444CDCEB86812ADFC9FB3FBA3AAD6DB7488843C2A04E92A3E63FE40D
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):609259
                                                      Entropy (8bit):5.796202390024141
                                                      Encrypted:false
                                                      SSDEEP:12288:BcQ6o+ccwJ2roEw/aBuAZgsHeW0xEEDOI9g/C5WS8jUmAnAiEwziMHzmwtKnE:BP6o+ccwJ2iafZgsHL0x755v8ImviEKv
                                                      MD5:CD741C24AF7597E0DC11069D3AC324E0
                                                      SHA1:2A883DFBCF48D5093D70D4B77BBFFFA521287334
                                                      SHA-256:13E982DC4B2B1AEE093E96BA27E02258C2B815CBB062006A4396BB3A3E6A84B1
                                                      SHA-512:6D27998E25B57FF0CE08C3590B69031038CBA390E68333A83514022B2C56B689AF8AD9715302824027864B5320852E9AB77D74E3B8A90DC66DF59F48CEB528C9
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):441207
                                                      Entropy (8bit):6.685712707138377
                                                      Encrypted:false
                                                      SSDEEP:6144:+oIY7NcgHG7dNzh9aG/7C5ccJL7kzDg5lbSNu6BoHHclS:pugQfznaJ5ccJLAg5BSNu6Bot
                                                      MD5:99E6ACFB46923C4F8B29058E9EE6166B
                                                      SHA1:AF06C42E5F3578ADBC4F0BD7262DC6775FDD351F
                                                      SHA-256:9D8498875263B19552A982D1850F2F942FF44AF4E323BC5A3A67C34413994D95
                                                      SHA-512:4FDF5186FC2FC68210C2BE91F5B821F0979CA67D6C9B8915C14E7A20D3CE2548EB2660D5F9F398CF6C585A5C0725FA34FD3670F416F7C8A4F009C729BCF02988
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):439630
                                                      Entropy (8bit):6.6906570508767995
                                                      Encrypted:false
                                                      SSDEEP:6144:jmdbGlobIxk24IkGE0Jxv2323uWn4hmv50Ynz21Hs0yn7zyjkbTE:jcbGl8IxEGtbn4hmv50YnzC4n7+7
                                                      MD5:BB7C995F257B9125457381BB01856D72
                                                      SHA1:21C55FF5CBC4F223C23D5A2FBCC9E051DB78A44C
                                                      SHA-256:F2299E03E99B0E9A9CACE3B1C72E6C8C5FE089487CA1C82F2AAF4273B62E37A2
                                                      SHA-512:5247C5DA6F00DF6241500524DDB162041A03649FA0AFCC11AD40E820814958768A2E11CE34E1250FDBF42B2459F8C06B00AE7442B537F0731A62C6724FC8D890
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):275968
                                                      Entropy (8bit):5.778490068583466
                                                      Encrypted:false
                                                      SSDEEP:3072:++EIoS8U9BGRl9bmXPbH79EfZHpMtTOnJDI3lk3ze3XjCVnm7sNzQn7G7k+Yr4zx:bx8CBGRlhmKHpyTmUVkDe3Xjknm7kCU
                                                      MD5:7EA1429E71D83A1CCAA0942C4D7F1C41
                                                      SHA1:4CE6ACF4D735354B98F416B3D94D89AF0611E563
                                                      SHA-256:EDEC54DA1901E649588E8CB52B001AB2AEC76ED0430824457A904FCC0ABD4299
                                                      SHA-512:91C90845A12A377B617140B67639CFA71A0648300336D5EDD422AFC362E65C6CCD3A4FF4936D4262B0EAF7BAE2B9624BCD3C7EEC79F7E7CA18ABE1EC62C4C869
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1547797
                                                      Entropy (8bit):4.370092880615517
                                                      Encrypted:false
                                                      SSDEEP:3072:d0SSirI7aLTIEpJDqdzpJ86pKmuzsxQsB7rDZy4TR05HrK1bEYF4hJrmchE3VEW2:dHRGGG9WHrKWgelJOoLJjxJha4
                                                      MD5:32AB4E0A9A82245EE3B474EF811F558F
                                                      SHA1:9F2C4C9EEB5720D765F2321ACD0FF9F8DD11E6A4
                                                      SHA-256:9BBF4D15F8FB11F7D2C032BD920D2A33B2C2CB8EF62E7E023049AF6132F5D6C1
                                                      SHA-512:A0574A170F69F9926C32BAF6119A16A381FEC9E881B304082859EE7CFF463570C78984EE14369C59CDB19E532B3ABF193D02B462F1B40D07214B6244150CD63F
                                                      Malicious:false
                                                      Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>log4net</name>.. </assembly>.. <members>.. <member name="T:log4net.Appender.AdoNetAppender">.. <summary>.. Appender that logs to a database... </summary>.. <remarks>.. <para>.. <see cref="T:log4net.Appender.AdoNetAppender"/> appends logging events to a table within a.. database. The appender can be configured to specify the connection .. string by setting the <see cref="P:log4net.Appender.AdoNetAppender.ConnectionString"/> property. .. The connection type (provider) can be specified by setting the <see cref="P:log4net.Appender.AdoNetAppender.ConnectionType"/>.. property. For more information on database connection strings for.. your specific database see <a href="http://www.connectionstrings.com/">http://www.connectionstrings.com/</a>... </para>.. <para>.. Record
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):342741
                                                      Entropy (8bit):5.496697631795104
                                                      Encrypted:false
                                                      SSDEEP:3072:zRAHowF2N4C56MQIi6dD3nhvAwlFUPcm4s9r4V7d+SSo3:zRAHowF2N4C56MQD6dD3nhnlFUPcm4F
                                                      MD5:A58DB728B50E6B82CBDCAA0DB61D36B1
                                                      SHA1:7CD76526CB29A0FF5350A2B52D48D1886360458B
                                                      SHA-256:BA2F2AC6AE9BC67399728F25772A0EB3E840695395CC747ADF4B2F8B5D6D9A46
                                                      SHA-512:0DB9AFBDADA44364521D89BAB6055458125F4F3C8C1B09048EAFA4055A194231CCFFD82FCDADA9360AB2B19F472B893330EBFCB027391E7A0C2B1100FC51E673
                                                      Malicious:false
                                                      Preview:..mirrors....(function(a,b){."use strict";.var c=a.Array;.var d=a.isNaN;.var e=a.JSON.stringify;.var f;.var g;.var h=b.ImportNow("promise_state_symbol");.var i=b.ImportNow("promise_result_symbol");.var j;.var k;.b.Import(function(l){.f=l.MapEntries;.g=l.MapIteratorNext;.j=l.SetIteratorNext;.k=l.SetValues;.});.var m={.UNDEFINED_TYPE:'undefined',.NULL_TYPE:'null',.BOOLEAN_TYPE:'boolean',.NUMBER_TYPE:'number',.STRING_TYPE:'string',.SYMBOL_TYPE:'symbol',.OBJECT_TYPE:'object',.FUNCTION_TYPE:'function',.REGEXP_TYPE:'regexp',.ERROR_TYPE:'error',.PROPERTY_TYPE:'property',.INTERNAL_PROPERTY_TYPE:'internalProperty',.FRAME_TYPE:'frame',.SCRIPT_TYPE:'script',.CONTEXT_TYPE:'context',.SCOPE_TYPE:'scope',.PROMISE_TYPE:'promise',.MAP_TYPE:'map',.SET_TYPE:'set',.ITERATOR_TYPE:'iterator',.GENERATOR_TYPE:'generator',.}.var n=0;.var o=-1;.var p=[];.var q=true;.function MirrorCacheIsEmpty(){.return n==0&&p.length==0;.}.function ToggleMirrorCache(r){.q=r;.ClearMirrorCache();.}.function ClearMirrorCache(r){.
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8226870
                                                      Entropy (8bit):7.996842728494533
                                                      Encrypted:true
                                                      SSDEEP:196608:BRbyvUoyiZocNqBbwMIdCM6whz/xpkr92nEVvXJAqkXJ:f2v5xN0wPB6WxpkrS8N4
                                                      MD5:F7EC58AEA756F3FD8A055AC582103A78
                                                      SHA1:086B63691F5E5375A537E99E062345F56512A22C
                                                      SHA-256:517418184EA974C33FFE67B03732D19B1234DCB9E5C1C2E9E94ED41B3BC1D064
                                                      SHA-512:C620C6E16BBCEE9BC607E6CA75D602C756276AC69E5F3761D82DE7728164133656A71A69043EB1A86CE3051FDE4327A47EFD41D1FF47C8385699CA67C423AD7B
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):276319
                                                      Entropy (8bit):4.242318669799302
                                                      Encrypted:false
                                                      SSDEEP:3072:pQ9Nwsu4PnhuhbXeu9wbO2/D9yytfPzMfS6vNZq:pQoJBhbBRKDGH4
                                                      MD5:8234983533FA47D2A1D7710FF8274299
                                                      SHA1:E4C5793B6FE6A6C6C9D8E3921B3BC341AE3448D8
                                                      SHA-256:F95553D8066144CBB8A05EED1735C94A4B97A2E44E49F624C2302990A13017C9
                                                      SHA-512:1E7E201B0FF9AFA7821B5FFD0A36548A49CD4DBBABA5858E13DA35058670A5053723DD3544B2FD85C619F2B8FC9E5DB48DF977BB293E7BA7DE6F22CC8DAB28CA
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):30
                                                      Entropy (8bit):4.231401845392171
                                                      Encrypted:false
                                                      SSDEEP:3:LjsARaZpKTn:ZIHun
                                                      MD5:E5115ED028681179F3E7FD7894FC72DC
                                                      SHA1:4C90ABD5666715DFE192D140C0CBBB01B8689CFC
                                                      SHA-256:240EA501F56EE9DDE9A771C64F9782057755EA33A90082E1BDD46537830B29F1
                                                      SHA-512:93DACBFA668E0F138C69B4ACB19A9410AB90C10EC7AF5FA9C37BC8F24E4088A202E76452E8542E81EFF7B0A8D6F49CC736D1D6DE79A3D41D24A6F52A1D70C4D3
                                                      Malicious:false
                                                      Preview:start Snetchball.exe INHuMbol8
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:MSVC program database ver 7.00, 512*4023 bytes
                                                      Category:dropped
                                                      Size (bytes):2059776
                                                      Entropy (8bit):4.067542396670122
                                                      Encrypted:false
                                                      SSDEEP:12288:zGdv6ZOCD1JEBSMPp35Q6glA8uOcbxfjUclEO+KEAt:zQCACD1Jr+35Q6LOcbxfAKEnc
                                                      MD5:70F9EAEA8A2A604E59F72EDE66F83AB4
                                                      SHA1:0AB9EA1BFFDFF471EC22AB289C7FBC5E0CDF48BF
                                                      SHA-256:38A07BA75CC2BBDF715CA87D380A4E5A0DCFAF9C30C5ECD30F6107871D51825B
                                                      SHA-512:47DE4DAD93385A4907FADE307040FE026ED66989C0C9915AFC96CB2BC93DE5E106DC1274E4AD2382021C758C60FEDE06D68998CF3591E23E2951778CE09D6D4C
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):346624
                                                      Entropy (8bit):6.54104466243173
                                                      Encrypted:false
                                                      SSDEEP:6144:s3Yqz++E93Is4CtuvK6/AWdCVJ/gc6+XpxJbi+UKg1oxuA8uLVHhlu7D9k0P92XE:soC++G4sO+J/gc6+Xpzi+UKpquzlu7DW
                                                      MD5:7A53AD3E5D2E65C982450E7B7453DE8A
                                                      SHA1:99F27E54F1F61207C02110CAC476405557A8AD54
                                                      SHA-256:24FDDD6A367792A9D86D9060FC9AA459B5FB0F67804CB7D139A100D86BBDAFF8
                                                      SHA-512:2B5E5DB46FDC787CB46CDAEBFFC01586E248FBB864677B27AF03CDC33E956DEF51B3F836597E7092C4175CF605C44728C6F96B74BB2C9870E9715D4AF4C531A1
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2445312
                                                      Entropy (8bit):6.750207745422387
                                                      Encrypted:false
                                                      SSDEEP:49152:XDEYOEFSOv490qncuR2zJirE61O17bp2WpMKiK4sFtvRJEIEhA69d+LFr1jWNHFi:XLFl+HFKD+biGMWRgWPWck2SiZbC
                                                      MD5:334C3157E63A34B22CCE25A44A04835F
                                                      SHA1:C6B05BD55BE9FED3B0C5077C5649E2A41C10DC08
                                                      SHA-256:3E307570B574469EC8BCF1CE6D5291DF8D627CA3812F05AACFEBBD3F00B17F89
                                                      SHA-512:11F538ADD05515861891892EBB90163B6540B72FEB380D64B4A0AA56C6415E3B71374557BF50D0B936712B1006F2B94D59BEBFBF18CBF93BB883D9055CAAEEE9
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......_.........."!.....4 .................................................p*...........@A..........................#.. ....$.d....P)......................`).......#.......................#......."...............$.P............................text.../2 ......4 ................. ..`.rdata..\....P ......8 .............@..@.data...L....@$...... $.............@....00cfg....... )......>$.............@..@.tls.........0)......@$.............@....voltbl.M....@)......B$..................rsrc........P)......D$.............@..@.reloc.......`)......H$.............@..B........................................................................................................................................................................................................................................................................................................................
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):631017
                                                      Entropy (8bit):5.144793130466209
                                                      Encrypted:false
                                                      SSDEEP:6144:tQ8NIJFP47mT2reYaonhIZijJN0MhbA0u:DIJjS8mJNBu
                                                      MD5:0794DF29DF8DFC3ECE5C443F864F5AEB
                                                      SHA1:BFD4A9A34BEB9751BC4203FB9A9172F1F05E5B16
                                                      SHA-256:3EE2237E9B14871165B051CCF892C8375E45B5F12841E02F4B9D37F5D5A03283
                                                      SHA-512:0D34E36F7455B977F086F04840FBA679284A619A7164A56B5C7FC2ADCB23A231B67A62101540EB07CF5C8192790266B08D2CC232D291621C331FE77C1F5E52C0
                                                      Malicious:false
                                                      Preview:..........d..<..11.8.172.9......................................................@...]!...S..y...-[..........`....`....`T...`b...`....`............B..............b........."..............B..............b...(Jb...)L.....@..F^.1..5.`.....(Jb...-P.....@..F^..`.....H...IDa........Db............D`.....-.D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L...........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):4400640
                                                      Entropy (8bit):6.667314807988382
                                                      Encrypted:false
                                                      SSDEEP:98304:DrQcuW1iHUXeBwYN/jmlqjLPh34n3E0xnHTCOTr9:DrQcu2iH5Bv249o3E0x
                                                      MD5:7F913E31D00082338F073EF60D67B335
                                                      SHA1:AC831B45F2A32E23BA9046044508E47E04CDA3A4
                                                      SHA-256:B60E9818C4EA9396D0D2D2A4AC79C7DC40D0DFF6BB8BC734D0AB14ADC30FBF30
                                                      SHA-512:E1AC79C775CF9137283CD2C1AE1A45EC597E0351CDB9C11D483E2E1F8B00CC2BBC5807A50DED13A3A5E76F06C1A565EFF1233F4EC727B0C5F7AA3BEAEA906750
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....e.........."!.....$5.........P.-......................................PD...........@A........................8=?.~....\?.P.... B......................0B.X.....?.....................H.?......@5.............._?..............................text...T#5......$5................. ..`.rdata...a...@5..b...(5.............@..@.data...@N....?..x....?.............@....00cfg........B.......A.............@..@.tls....5.....B.......A.............@....rsrc........ B.......A.............@..@.reloc..X....0B.......A.............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):106
                                                      Entropy (8bit):4.724752649036734
                                                      Encrypted:false
                                                      SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                      MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                      SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                      SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                      SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                      Malicious:false
                                                      Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):826368
                                                      Entropy (8bit):6.78646032943732
                                                      Encrypted:false
                                                      SSDEEP:24576:XWygS4iaktBPIUt34P6Z5WoDYsHY6g3P0zAk7QsZD:xnRPIUtc6Z5WoDYsHY6g3P0zAk7Q+D
                                                      MD5:A031EB19C61942A26EF74500AD4B42DF
                                                      SHA1:FDC6EA473234F153639E963E8EFB8D028DA1BE20
                                                      SHA-256:207706A3A3FAA8500F88CB034B26413074EFC67221A07C5F70558F3C40985A91
                                                      SHA-512:80F843E47FC2B41B17EF6EA1BB2BB04119B2417311599EC52120D9F9DF316B4D7B1DAF97EE5CDF2AE78CDB9475E5C65255A7F2AB2A9231804F6A82C83303FD19
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....e.........."!.....|..........@.....................................................@A...........................<!..$...P....p..............................l..............................................P................................text....z.......|.................. ..`.rdata..tr.......t..................@..@.data....7..........................@....00cfg.......P......................@..@.tls.........`......................@....rsrc........p......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                      Process:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):211456
                                                      Entropy (8bit):6.566524833521835
                                                      Encrypted:false
                                                      SSDEEP:3072:IIgyHan0tiWcminIS/Q7yLH3dvcu20qjSoylXGjbAg0Fujurg7VBaB:ILyHa01MLHFuZX3bAOfSB
                                                      MD5:6D7FD214164C858BBCF4AA050C114E8C
                                                      SHA1:B8868DA6BB9A79EE7C9901A9BFAC580D5BAFCC96
                                                      SHA-256:3F58FB22BD1A1159C351D125BEE122A16BB97BABB5FCA67FDBD9AAAED3B302E6
                                                      SHA-512:0F8F2523C3A616AC7C72A1239B7E353F6A684FF75DA79D1CAF9B98A47FF6FE06329165825704C67C04E92073BA2C17D0FF339C57731DDF0F1489C2E97D1D0A14
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............^...^...^..._...^..._q..^..._..^..._..^..._..^..._..^k.._...^..._...^...^...^k.._...^k.._...^n..^...^k.._...^Rich...^........................PE..L...Ua.X.........."!.........(......c........0............................................@.................................x...<....@.......................P..T"......8...............................@............0..0............................text............................... ..`.rdata..`....0....... ..............@..@.data...............................@....gfids.......0......................@..@.rsrc........@......................@..@.reloc..T"...P...$..................@..B........................................................................................................................................................................................................................................
                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Entropy (8bit):5.607671703383717
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:HDKuOe.exe
                                                      File size:306'019 bytes
                                                      MD5:4ebffced85203bc1c3c5d9f3afd1045d
                                                      SHA1:35b481018a1087dac0fb57590a57175f51783a34
                                                      SHA256:5310a58317bf00aff0e0d9d6f2008b3389c5298b2c53513fc3ba08e887fca864
                                                      SHA512:399315951deecf039072779a28fa536b611895cdda6fd570652ddecc6be0322973dc335169955ae0d3018a5687a18aeab45fbfbf80a2a12cdfe0b47080fe8bc8
                                                      SSDEEP:3072:DFi6z/VXzAf3oc3J6Y5r/ZUx9hF/arYwJEn1ppaNcAu09g4brjqCtDHkLHd9g0z/:DxFSjJhr/ZUX15aNX9gm/qC50I0b
                                                      TLSH:FF5439003920A442E5D02B320F51FA3A4FD2ACAFC6AD151EB9D9FEDB71BE1C38595716
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....Oa.................d...........4............@
                                                      Icon Hash:31246d7b2d4a9974
                                                      Entrypoint:0x4034cc
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x614F9B02 [Sat Sep 25 21:56:18 2021 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f10e4da994053bf80c20cee985b32e29
                                                      Instruction
                                                      push ebp
                                                      mov ebp, esp
                                                      sub esp, 00000220h
                                                      push esi
                                                      push edi
                                                      xor edi, edi
                                                      push 00008001h
                                                      mov dword ptr [ebp-10h], edi
                                                      mov dword ptr [ebp-04h], 0040A130h
                                                      mov dword ptr [ebp-08h], edi
                                                      mov byte ptr [ebp-0Ch], 00000020h
                                                      call dword ptr [004080B0h]
                                                      mov esi, dword ptr [004080C0h]
                                                      lea eax, dword ptr [ebp-000000C0h]
                                                      push eax
                                                      mov dword ptr [ebp-000000ACh], edi
                                                      mov dword ptr [ebp-2Ch], edi
                                                      mov dword ptr [ebp-28h], edi
                                                      mov dword ptr [ebp-000000C0h], 0000009Ch
                                                      call esi
                                                      test eax, eax
                                                      jne 00007F4AE4E1D401h
                                                      lea eax, dword ptr [ebp-000000C0h]
                                                      mov dword ptr [ebp-000000C0h], 00000094h
                                                      push eax
                                                      call esi
                                                      cmp dword ptr [ebp-000000B0h], 02h
                                                      jne 00007F4AE4E1D3ECh
                                                      movsx cx, byte ptr [ebp-0000009Fh]
                                                      mov al, byte ptr [ebp-000000ACh]
                                                      sub ecx, 30h
                                                      sub al, 53h
                                                      mov byte ptr [ebp-26h], 00000004h
                                                      neg al
                                                      sbb eax, eax
                                                      not eax
                                                      and eax, ecx
                                                      mov word ptr [ebp-2Ch], ax
                                                      cmp dword ptr [ebp-000000B0h], 02h
                                                      jnc 00007F4AE4E1D3E4h
                                                      and byte ptr [ebp-26h], 00000000h
                                                      cmp byte ptr [ebp-000000ABh], 00000041h
                                                      jl 00007F4AE4E1D3D3h
                                                      movsx ax, byte ptr [ebp-000000ABh]
                                                      sub eax, 40h
                                                      mov word ptr [ebp-2Ch], ax
                                                      jmp 00007F4AE4E1D3C6h
                                                      mov word ptr [ebp-2Ch], di
                                                      cmp dword ptr [ebp-000000BCh], 0Ah
                                                      jnc 00007F4AE4E1D3CAh
                                                      and word ptr [ebp+00000000h], 0000h
                                                      Programming Language:
                                                      • [EXP] VC++ 6.0 SP5 build 8804
                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8438 | 0xa0 | .rdata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x36000 | 0x3bec8 | .rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                      .text | 0x1000 | 0x639f | 0x6400 | 7224e998fe56f3bd47d63fbbb07b7c8a | False | 0.6683203125 | data | 6.446278846973847 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rdata | 0x8000 | 0x1276 | 0x1400 | f7ab432379f1255f04a3e990ba282ef1 | False | 0.4333984375 | data | 5.054263249154582 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .data | 0xa000 | 0x1a858 | 0x600 | 8e1e6b6bb7da1113950a0aab31a168c0 | False | 0.4427083333333333 | data | 4.079691703439067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .ndata | 0x25000 | 0x11000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .rsrc | 0x36000 | 0x3bec8 | 0x3c000 | de1d34e860de835ed011a4e53eba1ae3 | False | 0.46851806640625 | data | 5.041975713610549 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                      RT_ICON | 0x36340 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.14552525730509877
                                                      RT_ICON | 0x46b68 | 0xd643 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9810942371150936
                                                      RT_ICON | 0x541b0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.20233340340550768
                                                      RT_ICON | 0x5d658 | 0x64cf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9913201844460805
                                                      RT_ICON | 0x63b28 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.2493992606284658
                                                      RT_ICON | 0x68fb0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2512990080302315
                                                      RT_ICON | 0x6d1d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.316804979253112
                                                      RT_ICON | 0x6f780 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3876641651031895
                                                      RT_ICON | 0x70828 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.46762295081967215
                                                      RT_ICON | 0x711b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5469858156028369
                                                      RT_DIALOG | 0x71618 | 0x202 | data | English | United States | 0.4085603112840467
                                                      RT_DIALOG | 0x71820 | 0xf8 | data | English | United States | 0.6290322580645161
                                                      RT_DIALOG | 0x71918 | 0xee | data | English | United States | 0.6302521008403361
                                                      RT_GROUP_ICON | 0x71a08 | 0x92 | data | English | United States | 0.7191780821917808
                                                      RT_MANIFEST | 0x71aa0 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
                                                      DLL | Import
                                                      ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                                      SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                                      ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                                      COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                      USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, SetWindowPos, SetCursor, GetSysColor, SetClassLongA, GetWindowLongA, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                                      GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                      KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersionExA, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv
                                                      Language of compilation system | Country where language is spoken | Map
                                                      English | United States |
                                                      Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.


                                                      Target ID:0
                                                      Start time:16:09:57
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\Desktop\HDKuOe.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\HDKuOe.exe"
                                                      Imagebase:0x400000
                                                      File size:306'019 bytes
                                                      MD5 hash:4EBFFCED85203BC1C3C5D9F3AFD1045D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:6
                                                      Start time:16:11:28
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\setup.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Local\Temp\setup.exe"
                                                      Imagebase:0x400000
                                                      File size:107'389'293 bytes
                                                      MD5 hash:12F9523E0ADA8BDABC28FA142D6E56BD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 9%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:7
                                                      Start time:16:11:52
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Imagebase:0x600000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 8%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:9
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x850000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:10
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3408 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
                                                      Imagebase:0x190000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:11
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3856 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                      Imagebase:0x540000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:12
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0xd00000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:13
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4084 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
                                                      Imagebase:0x8c0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:14
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736499434 --mojo-platform-channel-handle=4220 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                      Imagebase:0x300000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:15
                                                      Start time:16:11:56
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 OPR/113.0.0.0" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1725129980049114 --launch-time-ticks=5736521392 --mojo-platform-channel-handle=4268 --field-trial-handle=3416,i,13150293648065322822,16914553153379797195,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
                                                      Imagebase:0xfc0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:16
                                                      Start time:16:11:57
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x7b0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:17
                                                      Start time:16:11:58
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x550000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:18
                                                      Start time:16:11:58
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x8d0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:19
                                                      Start time:16:11:59
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x550000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:20
                                                      Start time:16:11:59
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x90000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:21
                                                      Start time:16:11:59
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x590000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:22
                                                      Start time:16:12:00
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x530000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:23
                                                      Start time:16:12:00
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x940000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:24
                                                      Start time:16:12:01
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x200000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:25
                                                      Start time:16:12:02
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0x8b0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:26
                                                      Start time:16:12:02
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0xdd0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:27
                                                      Start time:16:12:02
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0xb90000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:28
                                                      Start time:16:12:03
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:0xcb0000
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:29
                                                      Start time:16:12:03
                                                      Start date:31/08/2024
                                                      Path:C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe
                                                      Wow64 process (32bit):
                                                      Commandline:"C:\Users\user\AppData\Roaming\Snetchball\Snetchball.exe"
                                                      Imagebase:
                                                      File size:360'960 bytes
                                                      MD5 hash:A011E4E8E7502FDFCD1C52A98392FF46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:false

                                                        Execution Graph

                                                        Execution Coverage:13.4%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:82
                                                        Total number of Limit Nodes:2

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2871127368.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_27c0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq$(jq$(jq$(jq$(jq
                                                        • API String ID: 0-863759508
                                                        • Opcode ID: 062354a8650043ec0a8ae6a39d445d8fa8e2a9d9405c65cc0421ec2fc1df55d0
                                                        • Instruction ID: b709cb17abf5a3f4b88fce3ba658c72bab135ca10f2ddf8d83f8b2bb78291be3
                                                        • Opcode Fuzzy Hash: 062354a8650043ec0a8ae6a39d445d8fa8e2a9d9405c65cc0421ec2fc1df55d0
                                                        • Instruction Fuzzy Hash: F2E18F75A001148FDB08EF78D8546AEBBF2AF88311F24816DD905FB395DB35AD42CB91

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2871127368.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_27c0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq$(jq
                                                        • API String ID: 0-2715959853
                                                        • Opcode ID: 2d5e3e07d306324fd24cfa3104631d7df85fa63bb50048598422b6b69b92423f
                                                        • Instruction ID: 9bc449fe3cbbcfd051c0d30c92bcd3920430103e210b51167af12a21479d00d4
                                                        • Opcode Fuzzy Hash: 2d5e3e07d306324fd24cfa3104631d7df85fa63bb50048598422b6b69b92423f
                                                        • Instruction Fuzzy Hash: 88326274B002149FDB05EBB9D894A6E7BB7EF88310F248169E905AB3A5DF349C41CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$\;fq
                                                        • API String ID: 0-765867603
                                                        • Opcode ID: 82800de0d77bbec6cc79b134cb074165dcd8caf906b8d0bebe0a426909fb7873
                                                        • Instruction ID: 19ecef0de43431545b3edca8d3f491246d02ceabbb73e073b51215324f9d5515
                                                        • Opcode Fuzzy Hash: 82800de0d77bbec6cc79b134cb074165dcd8caf906b8d0bebe0a426909fb7873
                                                        • Instruction Fuzzy Hash: 66327430E2065ACFCB14DF74C854AADBBB2FF85300F1595A9E845AB351EF70A985CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2942132361.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5390000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \Vkl
                                                        • API String ID: 0-178496027
                                                        • Opcode ID: fc01ed888878aed3dd792560891e935001b2a67f87115ef3fa2a2cc9a6bfdddc
                                                        • Instruction ID: c20bac91623538fd442f9fefd87c7b8c3ff2bd31892acd4148135ba85611e158
                                                        • Opcode Fuzzy Hash: fc01ed888878aed3dd792560891e935001b2a67f87115ef3fa2a2cc9a6bfdddc
                                                        • Instruction Fuzzy Hash: 50B12CB0E05209DFDF18CFA9C9867ADBBF2BF88314F148129D815A7394EB749845CB91

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $&gq$4cfq$4cfq$4cfq$4cfq$$fq$$fq$$fq$$fq
                                                        • API String ID: 0-3168882009
                                                        • Opcode ID: 744c4290e762170291a3d364e8c0eb1198f7bb9a6b66e98602b626c5f8515560
                                                        • Instruction ID: de188a0647562a741f1b2de804f7cba50ff8e300a5930ef836a11a3cdbdb412e
                                                        • Opcode Fuzzy Hash: 744c4290e762170291a3d364e8c0eb1198f7bb9a6b66e98602b626c5f8515560
                                                        • Instruction Fuzzy Hash: C851CF71F00115CFCB58EF69C80056EBBB6BF85310725415AE846EF3A1EA35DD02CBA2

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq$(jq$(jq
                                                        • API String ID: 0-2623274312
                                                        • Opcode ID: 6bdd504b68416ece652c5abfd4173c65229bf3c647f73ed4b608b39c3eda3b3c
                                                        • Instruction ID: b134e26c1c46719ef2c0cf075c50f2bbaebfaafeb0133344f64efad5d9a67344
                                                        • Opcode Fuzzy Hash: 6bdd504b68416ece652c5abfd4173c65229bf3c647f73ed4b608b39c3eda3b3c
                                                        • Instruction Fuzzy Hash: 1A81D136B101168FCB58EF7DE494A6E7BE6EF8471071540AAE909CB3A1EE31DE01C790

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $fq$$fq$$fq$$fq
                                                        • API String ID: 0-2113499236
                                                        • Opcode ID: 2091326ad63d8264a9dc637fe3b59ff5eb5965ef660a94b578062dff7215fc65
                                                        • Instruction ID: 31e38700bfd767bec1db439dc0376465bf8a70917b7f42f9a0e65e8554364e9f
                                                        • Opcode Fuzzy Hash: 2091326ad63d8264a9dc637fe3b59ff5eb5965ef660a94b578062dff7215fc65
                                                        • Instruction Fuzzy Hash: 78B0928140AAA02A83DB01301CB28C22F69440228031BA1C2E142AA653C00D0A4683B2

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq$(jq
                                                        • API String ID: 0-2715959853
                                                        • Opcode ID: 7abed58f117f028a9c5ddb7460684350f20077ddcbee938608df0b80625640bf
                                                        • Instruction ID: 78ef731a9e6aa0be546020ca9d5a8b44dc19e768b4bc855b8f7311cf2574f022
                                                        • Opcode Fuzzy Hash: 7abed58f117f028a9c5ddb7460684350f20077ddcbee938608df0b80625640bf
                                                        • Instruction Fuzzy Hash: F0227074A006199FCB54DFA9C484AAEBBF2FF88300F24855AE945EB354DB35ED41CB90

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq$(jq
                                                        • API String ID: 0-2715959853
                                                        • Opcode ID: 02ce3c58a47c7f7215988134e7de6cfdfda875deeeba15b212bc5ae7fd654766
                                                        • Instruction ID: 370c134c62dc5336cf5be7a087331513d460b6e0eda1d24ce3fd4e990eb5ffe3
                                                        • Opcode Fuzzy Hash: 02ce3c58a47c7f7215988134e7de6cfdfda875deeeba15b212bc5ae7fd654766
                                                        • Instruction Fuzzy Hash: 98224175A10219CFDB54EFA4D894AAE7BB2FF88714F208558E906AB365CB31DC41CF90

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: cfq$cfq$cfq
                                                        • API String ID: 0-1167509415
                                                        • Opcode ID: 84a8ca439530c8d25c83770a505732d785816416cef2683c690308396ae7c4a1
                                                        • Instruction ID: 2e61b4eafe4fdd77f1500c71871f95de0323d34aabd3b5f33ca1fd7e7b2fb014
                                                        • Opcode Fuzzy Hash: 84a8ca439530c8d25c83770a505732d785816416cef2683c690308396ae7c4a1
                                                        • Instruction Fuzzy Hash: DC914675B00510CFCB94EF28C594929BBB1BF89714B6585A9EA0AEF371DB31EC41CB90

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$\;fq$|eq
                                                        • API String ID: 0-859907863
                                                        • Opcode ID: f05a768f968f5c16e378151059ac1ed8d54ad209adb9a4cb294f82b1c33b8d4e
                                                        • Instruction ID: 010c56a20e118bfd7a6ca3bfded58eab090ccab1ea7815c27cf3b38d463ce238
                                                        • Opcode Fuzzy Hash: f05a768f968f5c16e378151059ac1ed8d54ad209adb9a4cb294f82b1c33b8d4e
                                                        • Instruction Fuzzy Hash: 7761F875B256278FDB549B7A8850ABFBBE7AFC4340B108026DD06D7394DE34DE0287A1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$Hjq$Hjq
                                                        • API String ID: 0-2816841513
                                                        • Opcode ID: 2d2b55aa5e38e3c79cdc843985716a3c369d4649d17e88caa4f09a75e674a4cf
                                                        • Instruction ID: bd72986e613ee58c8e97987fbfa4bd5e2e592253cb016f602a46960a359ba81c
                                                        • Opcode Fuzzy Hash: 2d2b55aa5e38e3c79cdc843985716a3c369d4649d17e88caa4f09a75e674a4cf
                                                        • Instruction Fuzzy Hash: FB51D575B002199FCB44EF68D8509AF7BB6EFC9350B108569EA0A9B385DF309D42CBD1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$$fq$$fq
                                                        • API String ID: 0-3194725900
                                                        • Opcode ID: 8ca07d92765020e57af7b80e9fe2514a248716e1507085e5cbdfb35fd7aa37a1
                                                        • Instruction ID: a85d2b2ee85680bf4c98037d662d205c9e7cb0ae9b0593e5c41f261ddcee8c4a
                                                        • Opcode Fuzzy Hash: 8ca07d92765020e57af7b80e9fe2514a248716e1507085e5cbdfb35fd7aa37a1
                                                        • Instruction Fuzzy Hash: AE21D4306083818FEBF8B71DC4E037B72A89B46301F540837E843CE691D25DD8C586E6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$d
                                                        • API String ID: 0-51203222
                                                        • Opcode ID: ac2ea3e65ed9ceb8ef2c75015b62b2a50b5a02b4753277e4dd8f8b6dbb4999b9
                                                        • Instruction ID: fa7bf0f49ac81f3f9b345575f46c2c18fb1f8c90674a3e4df2ed2fdb623fd0b6
                                                        • Opcode Fuzzy Hash: ac2ea3e65ed9ceb8ef2c75015b62b2a50b5a02b4753277e4dd8f8b6dbb4999b9
                                                        • Instruction Fuzzy Hash: 8C028B34A106068FC764CF29C48496ABBF2FF88311B15CA69D8AADB755DB30FC41CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq
                                                        • API String ID: 0-2294966697
                                                        • Opcode ID: 0f5672c280b289fbf86ffcd92e8b0c098571a47575b40ae50a06c62649e96b8f
                                                        • Instruction ID: 3618fa72b8f7313922f63fa8faacc073d04f67211f65328038962447b127f245
                                                        • Opcode Fuzzy Hash: 0f5672c280b289fbf86ffcd92e8b0c098571a47575b40ae50a06c62649e96b8f
                                                        • Instruction Fuzzy Hash: 76F15974A1035A8FCB45DFA8C894A9DBBF2FF89300F148199E845AF255DB70ED45CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,jq$4'fq
                                                        • API String ID: 0-1993457705
                                                        • Opcode ID: ccce54f9067d0bfe2b6af36b0fb117effc400f4e059e2aeed72e2b508e93d588
                                                        • Instruction ID: e88e40a92a1f3917ae5e84622c0dcb336920aece34a6d47e7de832e6d922ba9c
                                                        • Opcode Fuzzy Hash: ccce54f9067d0bfe2b6af36b0fb117effc400f4e059e2aeed72e2b508e93d588
                                                        • Instruction Fuzzy Hash: AC61E2757141159FCB48EF7CC89496EBBE6EFC8350710446AE90ACB356DE30EC4287A5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,jq$4'fq
                                                        • API String ID: 0-1993457705
                                                        • Opcode ID: e5192505c33c06bfe77b713e4d031b714e57df6e95ad6469833b4655467b0378
                                                        • Instruction ID: edec4471f54922097b2dc455750fee3e0cbbe836d7d219c9106b287c309dfaea
                                                        • Opcode Fuzzy Hash: e5192505c33c06bfe77b713e4d031b714e57df6e95ad6469833b4655467b0378
                                                        • Instruction Fuzzy Hash: 2D5191B5B001149FCB48EB6DD890A6EBBE6EFC9350714806AE90ADF395DE30DD0187A5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: sW4$W4
                                                        • API String ID: 0-1904016386
                                                        • Opcode ID: 62d864efe0f8b45297eab9feade486addd7723116205d49d77afc3e368a1e56a
                                                        • Instruction ID: 49b97c32389cf8c9788cc2bd80251a3b82c64e970c4acc61a7ef118339610659
                                                        • Opcode Fuzzy Hash: 62d864efe0f8b45297eab9feade486addd7723116205d49d77afc3e368a1e56a
                                                        • Instruction Fuzzy Hash: AF5138B26007009FC35AEB78D99155ABBF2EF85314314CE6ED44B8F651EF75A9068BC0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq$(jq
                                                        • API String ID: 0-2294966697
                                                        • Opcode ID: 9c7fd2bbedbec2603d09cd284efb39bf69ff0f5ba82aa8af285b762724535836
                                                        • Instruction ID: a128f309e71670e3a3b3bf38856f148dcf402699336a1e84adf47d4fe8b15bf0
                                                        • Opcode Fuzzy Hash: 9c7fd2bbedbec2603d09cd284efb39bf69ff0f5ba82aa8af285b762724535836
                                                        • Instruction Fuzzy Hash: F641D575B142548FDB55CF68C894BAEBBF2EF88310F248099E805AB351CE759D06CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: sW4$W4
                                                        • API String ID: 0-1904016386
                                                        • Opcode ID: d505885746da27a46bdd8450e948b4693f0647a562d04a71d126b723744ad4a1
                                                        • Instruction ID: 519a56faf75983d70e1e6cd6e54e74d4532138debf7246242e5a56b855f5b2ec
                                                        • Opcode Fuzzy Hash: d505885746da27a46bdd8450e948b4693f0647a562d04a71d126b723744ad4a1
                                                        • Instruction Fuzzy Hash: E251E4B26007009BC359EB35C99055ABBA2EF85314310CE6ED44B9B751EF35BA069FC0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $fq$$fq
                                                        • API String ID: 0-2537786760
                                                        • Opcode ID: f7caaedb61d0bd7b3d46ecc68fe553e2cb2cd8b6ba610acdf83a2d1a6714b899
                                                        • Instruction ID: 0d4caeb1016895bb2d0fb2648a198d64a0cdbe363298ac605f185b193dac7a6f
                                                        • Opcode Fuzzy Hash: f7caaedb61d0bd7b3d46ecc68fe553e2cb2cd8b6ba610acdf83a2d1a6714b899
                                                        • Instruction Fuzzy Hash: E01196B0A38215CBE7686F94E01832A77BBBBE4700F10855AD44786E85CBF09E448BD1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: pjq$pjq
                                                        • API String ID: 0-1000212271
                                                        • Opcode ID: bedf23f8b43142f5f2582312c84837e4a7854d016ad8ac64687da1f79342ea89
                                                        • Instruction ID: 2138cbe81b339f060c05bbf92f18cf5041a9f83c8f740bdc9082d463d9297947
                                                        • Opcode Fuzzy Hash: bedf23f8b43142f5f2582312c84837e4a7854d016ad8ac64687da1f79342ea89
                                                        • Instruction Fuzzy Hash: FBF06D363011046BD714AA6AAC80DAABB5AEFC5364B504039F9098B265C9729C05D7A0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $fq$$fq
                                                        • API String ID: 0-2537786760
                                                        • Opcode ID: 793111c9e8aead15a26adf819369bb650980b67dbea929f56b25fc65b06e7a26
                                                        • Instruction ID: 8871496e9e1f0b73957ab6d5933da4b83e14364c08060db3d17c395e2b0f5e96
                                                        • Opcode Fuzzy Hash: 793111c9e8aead15a26adf819369bb650980b67dbea929f56b25fc65b06e7a26
                                                        • Instruction Fuzzy Hash: 0FF03930B24048DFDB54CF18D484D997B72FF88394B60C425E9454B650D730E981CBC1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $fq$$fq
                                                        • API String ID: 0-2537786760
                                                        • Opcode ID: 917056eaafca8f606c4c732e8a7afebd4767ef8e6274ef82825f3228ba13e9cd
                                                        • Instruction ID: 6bf1cf31b2627985f4043d7bc29dabad6fb4adc5b6552f5e9b2d7c886ec4cbd8
                                                        • Opcode Fuzzy Hash: 917056eaafca8f606c4c732e8a7afebd4767ef8e6274ef82825f3228ba13e9cd
                                                        • Instruction Fuzzy Hash: 50E01261A1A3C95FD7676FB49D251513FB92B5354078910D78090CF0E3DA149944C737
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2942132361.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5390000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75b11bb62d25577d22798ca5fa752ada79e89d3ba4a5c0a5e450c9db6547311a
                                                        • Instruction ID: 3e8cfd0c5c1a1c6c50d26ab23e92e2467342f8b3ebd7ea35ec97de37549a2522
                                                        • Opcode Fuzzy Hash: 75b11bb62d25577d22798ca5fa752ada79e89d3ba4a5c0a5e450c9db6547311a
                                                        • Instruction Fuzzy Hash: 934136B2D143959FCB04CFA9D84029EBFF4EF8A320F15856AE408E7241DB749885CB90
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06E3050A
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3235858454.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6e30000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: d1ce581c4b0c9ec782c5a76cfacfaafc8932db46a6afdc27cd40f2747eb4575c
                                                        • Instruction ID: 9645b7b03bb04934a82b1db57f56a63857b4846a97862f9e3c0a220811365cb5
                                                        • Opcode Fuzzy Hash: d1ce581c4b0c9ec782c5a76cfacfaafc8932db46a6afdc27cd40f2747eb4575c
                                                        • Instruction Fuzzy Hash: F651B2B1D00319AFDB14CF99C884ADEFBB5FF48314F24912AE819AB210D775A945CF90
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06E3050A
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3235858454.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6e30000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        APIs
                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 06E31289
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3235858454.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6e30000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID: CallProcWindow
                                                        • String ID:
                                                        • API String ID: 2714655100-0
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 027CD6BF
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2871127368.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_27c0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        APIs
                                                        • SystemParametersInfoA.USER32(00000057,00000000,?,?), ref: 027CE090
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2871127368.00000000027C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_27c0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID: InfoParametersSystem
                                                        • String ID:
                                                        • API String ID: 3098949447-0
                                                        APIs
                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 05397297
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2942132361.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5390000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemoryStatus
                                                        • String ID:
                                                        • API String ID: 1890195054-0
                                                        Similarity
                                                        • API ID:
                                                        • String ID: pjq
                                                        • API String ID: 0-551751012
                                                        • Opcode ID: 4f24fc3a8e82070c9b5bcb2857ee7a6da88916b22de5eab1667bc32e5e3c50b1
                                                        • Instruction ID: 7eb38c4b2e0008a9a0c87ec7064ba00f78dad944228a8965aa1fd360ead28914
                                                        • Opcode Fuzzy Hash: 4f24fc3a8e82070c9b5bcb2857ee7a6da88916b22de5eab1667bc32e5e3c50b1
                                                        • Instruction Fuzzy Hash: 2111E1317002019FD7249F799A90A7EBBAAEFC5320F54047BED49CB295CA31CC00C761
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (jq
                                                        • API String ID: 0-3225323518
                                                        • Opcode ID: bd3a41a3dc58dc612cae03f0d51f231cbdc6ed14e6aacd5b171934e4dd1a322d
                                                        • Instruction ID: 8547f9149fa720455f1bd05e2381617b27537b3436afa7e7d67d44442a791cbc
                                                        • Opcode Fuzzy Hash: bd3a41a3dc58dc612cae03f0d51f231cbdc6ed14e6aacd5b171934e4dd1a322d
                                                        • Instruction Fuzzy Hash: DD1129327082905FC71A9739A81459E3FB6DFC631071A04EEFA45CB353DE605C46C7A5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,jq
                                                        • API String ID: 0-1538246120
                                                        • Opcode ID: c79babb2a546897ea7822ac985203edb89a5a5e98db42c108dea01375c831c0b
                                                        • Instruction ID: 2bbc4c8aed381fe02a9ec9f5a01002d6513a87e67da66968a5ce83983857e4e2
                                                        • Opcode Fuzzy Hash: c79babb2a546897ea7822ac985203edb89a5a5e98db42c108dea01375c831c0b
                                                        • Instruction Fuzzy Hash: 6001A7363211104F8B046ABEE418A797BDAAFC5662714407AFA09C7790DE24DC41C791
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID: 0-2599400749
                                                        • Opcode ID: 12b88b80ccee241f4cde1a395cdab2898bf6bdd5b0741261d64f748afc0a6794
                                                        • Instruction ID: 77a9f55725398527e4ec36f727e78d4d4cd1417382a6f88ac75628f6df2cd008
                                                        • Opcode Fuzzy Hash: 12b88b80ccee241f4cde1a395cdab2898bf6bdd5b0741261d64f748afc0a6794
                                                        • Instruction Fuzzy Hash: 7F114FB0E0420DAFCB48EFB8D9959ADBBB2FF85204F504A9AD005AB245DA715E04DF91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID: 0-2599400749
                                                        • Opcode ID: e1f8045c4a9114ad1119ff741bc234ff7c0aaeceef6292ca0dc4878082f5282f
                                                        • Instruction ID: 1d37e5f339047c4e2f1c27c41c491f44ae1f49a15bc9eda804f3ec844a2d683d
                                                        • Opcode Fuzzy Hash: e1f8045c4a9114ad1119ff741bc234ff7c0aaeceef6292ca0dc4878082f5282f
                                                        • Instruction Fuzzy Hash: 851152B0E0020DAFCB48EFB8D98596DB7B2FF84200F504A99D405AB345DA705E04DF81
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,jq
                                                        • API String ID: 0-1538246120
                                                        • Opcode ID: eecfad18f667724706790ecbf0ca37b39d83bba95edc5d61026778a83adbdac7
                                                        • Instruction ID: 4887f145af7672ec6e565123cab6e1d2626d1b8e41ddc3d58339474fb111f0c4
                                                        • Opcode Fuzzy Hash: eecfad18f667724706790ecbf0ca37b39d83bba95edc5d61026778a83adbdac7
                                                        • Instruction Fuzzy Hash: 4DE086357192961FC70316B958216A76FEA5FC715231A45ABF944D7145CD24CC02C3A2
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f3d2c594b47bafff24541e7b45021cadd7b4bf68f2cd22ab02f0bf7727ebc4e3
                                                        • Instruction ID: 515b30c7dc4d9bdbc8543c8bd45066b08c5ba50b1bf3d6a3445a264449da830d
                                                        • Opcode Fuzzy Hash: f3d2c594b47bafff24541e7b45021cadd7b4bf68f2cd22ab02f0bf7727ebc4e3
                                                        • Instruction Fuzzy Hash: 7BB193307047118FDBA46B28D5A863EB7B3FBA4705B149C1AD9438B385CBB5EC42CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7a32ab0f8697170a43c0e90dddb0b826cafc034a14651d57aacfe7751b4fde3
                                                        • Instruction ID: 7a4dd33c71e61d70bb80d49c9bde2f79976d322f4b6b205221d7315b04decb71
                                                        • Opcode Fuzzy Hash: f7a32ab0f8697170a43c0e90dddb0b826cafc034a14651d57aacfe7751b4fde3
                                                        • Instruction Fuzzy Hash: 0FD11774E1035A8FCB45CFA8C898A9DBBB2BF89300F148155E804AF265DB70ED85CB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c44e7fe42f2b935cf54ec1f0220a5c97a64e352341ba2d7be0d05dd4ed3cc78e
                                                        • Instruction ID: 7041cfc99ac70e4539524068439e9d5658db93dc92d2fe8728a17e2995a15194
                                                        • Opcode Fuzzy Hash: c44e7fe42f2b935cf54ec1f0220a5c97a64e352341ba2d7be0d05dd4ed3cc78e
                                                        • Instruction Fuzzy Hash: 6AA1AE357102059FCB55DF68D894AAEBBB6FF89321F108569F906CB391CB31E815CB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a2047f191ebcc118090baa8216fc2c97a4d495fa942de886b1edb626cf8e6d9b
                                                        • Instruction ID: a85a77d208748b01cb67b97ffdfb6cb5affa1b324401fef574eb63a5e1114590
                                                        • Opcode Fuzzy Hash: a2047f191ebcc118090baa8216fc2c97a4d495fa942de886b1edb626cf8e6d9b
                                                        • Instruction Fuzzy Hash: 58A19E34700711CFDBA8AB68C89467FB7B7AF94701F14845AD9028B391DBB9DC42CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f968a6ea4b3bdc01f8c3d3fd5531b4d1653fd8c44144e83581b62a5d390f01d
                                                        • Instruction ID: 8aa9018cd6d9d04d1e75f8e5f14325c803b566589fc9d8a48160d334e1e5754b
                                                        • Opcode Fuzzy Hash: 3f968a6ea4b3bdc01f8c3d3fd5531b4d1653fd8c44144e83581b62a5d390f01d
                                                        • Instruction Fuzzy Hash: 51A14C79B102158FCB48EF68D49496EBBF6FF88714B1145A9EA06CB362DE70DC41CB60
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b23f1346419609d5667d4198b51fb64450870b04fe64120a95b20e3ed7fdbb47
                                                        • Instruction ID: 8b2545e9ab39be8c2ce5e48f0ab5d70ef47c4a888a6c1a864e7871233e0e2e2d
                                                        • Opcode Fuzzy Hash: b23f1346419609d5667d4198b51fb64450870b04fe64120a95b20e3ed7fdbb47
                                                        • Instruction Fuzzy Hash: 02B15A74B106018FCB19DF64D594A6EBBF2FF88304B148969E8068B365EF34ED42DB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56023f0d01d7d76b8f33bc400941a9d85cc113115d4b5ec2475e06d97f4b570f
                                                        • Instruction ID: ee19dc2e03a8b986f815b8c44d27ebfbf154455f3e25ac116bd9f6ebdd49bcc5
                                                        • Opcode Fuzzy Hash: 56023f0d01d7d76b8f33bc400941a9d85cc113115d4b5ec2475e06d97f4b570f
                                                        • Instruction Fuzzy Hash: C2918234704610CFDBA4BB28D59862EB7F6FB85701F15891AD903CB295CBBCEC428B85
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4a9810ad093651d3bc8848b051350483e3f0f2c22e9bf83d15f8c9c2a758187f
                                                        • Instruction ID: 0748e6b8656c947c753dfab13ab69be1d36a48b887193257331598a22519ed46
                                                        • Opcode Fuzzy Hash: 4a9810ad093651d3bc8848b051350483e3f0f2c22e9bf83d15f8c9c2a758187f
                                                        • Instruction Fuzzy Hash: 65B14874A00216CFDB50EFA9C984AAEBBF1FF48304F20852AD8569B255DB75E845CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d56761052e456e4fe0cf5829ab2cc8af7fffacd5f374f6fe7de5e7f5005a45a0
                                                        • Instruction ID: c49503efaec4b5eb95468e9197d4981daaed5a12e87109d1f75e304bd80ca08f
                                                        • Opcode Fuzzy Hash: d56761052e456e4fe0cf5829ab2cc8af7fffacd5f374f6fe7de5e7f5005a45a0
                                                        • Instruction Fuzzy Hash: EC915C74A3021AEFDB949E65C844DBF7BB6FF88360B104829FD069B250DA71DD80CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3298426a203da2dc1baee6b9d102255bfb8f62a265b7062689497df2a66943af
                                                        • Instruction ID: c17bd1a0e6fa804f51986a85178add3fdc71597042cceeee092c9f6c00ffc46c
                                                        • Opcode Fuzzy Hash: 3298426a203da2dc1baee6b9d102255bfb8f62a265b7062689497df2a66943af
                                                        • Instruction Fuzzy Hash: 8E9139B0A007019FCB98EF79C89052EBBF6FF882147148A69D406DB755EB74E941CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 22c07cb864a0c0cf7affcd9f962ac3728ee73ba4c16605af9e2409123c945f45
                                                        • Instruction ID: 8970dce7339fadd632a7b69427b51dfe63eccc195ba31d8231cdfa4faa07b052
                                                        • Opcode Fuzzy Hash: 22c07cb864a0c0cf7affcd9f962ac3728ee73ba4c16605af9e2409123c945f45
                                                        • Instruction Fuzzy Hash: 589135B6D213489FC725EF64C881B9E7FF0EF84300B1949AADA459B362E6319C05CBC0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f51f6c6c519f65aff19d522a2d366a54b90bb617c56451f080be3413fce35515
                                                        • Instruction ID: 28bcc79c413cf5e2f5b5c5faa9718451e964eac15ce7b7cbd1b6a6537ad073cc
                                                        • Opcode Fuzzy Hash: f51f6c6c519f65aff19d522a2d366a54b90bb617c56451f080be3413fce35515
                                                        • Instruction Fuzzy Hash: A6A1B235A10219DFDB45DFA4D998EAEBBB2FF48311F148059E902A7360CB31EC52DB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5f8db786238cddf1efa5a430f568552300898cf85d36050dffdc1ca54371a41d
                                                        • Instruction ID: ec8c1ca695c9df6b6208b4fcc1978cad8970c05790376470165bf35bdfbc8132
                                                        • Opcode Fuzzy Hash: 5f8db786238cddf1efa5a430f568552300898cf85d36050dffdc1ca54371a41d
                                                        • Instruction Fuzzy Hash: 99613F31B002199FCB45EFA5D8949AEBBBAFF88300B144529EA06DB355DB70DD46CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb130f2443f6dc5786ead2c30794ca74eebdcffcf303593c2a1efe6c6ee12913
                                                        • Instruction ID: dd7dac50d0b3cb1d6915a0536b72f3d8098fde0639ab93f8c7096aa5f2b804eb
                                                        • Opcode Fuzzy Hash: eb130f2443f6dc5786ead2c30794ca74eebdcffcf303593c2a1efe6c6ee12913
                                                        • Instruction Fuzzy Hash: 60818B74A10602CFCB19DF68D59496EBBF2FF88300B148A69E8468B355EF34E945CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38526e40c5bdbbda71126c6ea9921a271520e150a7e23102a2f20ccaaf0c58ec
                                                        • Instruction ID: 64cfc92c3a40cc8ddd6beb4c432a96eb6c7fcec89f358ecebe1842c397c7eb42
                                                        • Opcode Fuzzy Hash: 38526e40c5bdbbda71126c6ea9921a271520e150a7e23102a2f20ccaaf0c58ec
                                                        • Instruction Fuzzy Hash: 71718A74B106068FCB09DF28D49496EFBF2FF88300B148A69E8468B355EF34E941CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4619f1fffdd837f4d9d0e40548f9e2690c98a91110442b04fa637e1ba4f592f1
                                                        • Instruction ID: fa5c55e83886d90740430b45612e464fdf55139a7e0a8c9366cec3815ce0c80b
                                                        • Opcode Fuzzy Hash: 4619f1fffdd837f4d9d0e40548f9e2690c98a91110442b04fa637e1ba4f592f1
                                                        • Instruction Fuzzy Hash: 21711675E002198FDF55EFB4D8585ADBFB2FF88300F148129E506AB264DB74994ACF41
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 71d54641840a8dbb255b5a7fb69ed5797543df93d72584cf0077a48162861ae6
                                                        • Instruction ID: 139d9d5aa8161d7216ea46314299f314e13e31c7d8ff1d58e0066b3f255e237e
                                                        • Opcode Fuzzy Hash: 71d54641840a8dbb255b5a7fb69ed5797543df93d72584cf0077a48162861ae6
                                                        • Instruction Fuzzy Hash: B6510A34B201028FEB989F29D498D2A77F6BF8965532981A9E806CF375DF71DC11CB80
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6c7c2d5395dc9da78c729e9cd00ac57db0cac80ccf78f8369abe977e83ca710e
                                                        • Instruction ID: e4377d912ac19ad56802464925ba2c8ecd62136f86f53de3aed81cb229d5a215
                                                        • Opcode Fuzzy Hash: 6c7c2d5395dc9da78c729e9cd00ac57db0cac80ccf78f8369abe977e83ca710e
                                                        • Instruction Fuzzy Hash: 5A413C34B141058FC748DF6CC598E6E7BE6AF89710B2590A9E806DB3B6CB71DC41CB51
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e12a840867321f73540513ec628797341840942f55d077584d588c95da2f9d86
                                                        • Instruction ID: cba0d44eb2b14353ad03309ffb1be06960b99f69ec7d87b69ae980715a71b1a5
                                                        • Opcode Fuzzy Hash: e12a840867321f73540513ec628797341840942f55d077584d588c95da2f9d86
                                                        • Instruction Fuzzy Hash: A441A371B105059BCB49DF79D854AAEBBF6AF88311F208429E506FB354DF709D018BD1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 167ee2b3e6e352873f3a44013bd65196a8f350ccd829dcf8bd2a96143e4626ec
                                                        • Instruction ID: e433b7b7dae5dbca0503011a1d1aa7173c591c968bbc4b0e4e69d1b837489a6b
                                                        • Opcode Fuzzy Hash: 167ee2b3e6e352873f3a44013bd65196a8f350ccd829dcf8bd2a96143e4626ec
                                                        • Instruction Fuzzy Hash: B841F3706042558FCB56DF68D89497EBFF6EF86200B08459EF482CB2A2CB309D05CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 31f1feaf3c0848306bd32333e3dcfc0ab5b2588804139d2b5c8276dd89fa8ca1
                                                        • Instruction ID: 05a4b5315d2ecea392975f9b73744d6fccf29c05d206809c788e3eef8140141e
                                                        • Opcode Fuzzy Hash: 31f1feaf3c0848306bd32333e3dcfc0ab5b2588804139d2b5c8276dd89fa8ca1
                                                        • Instruction Fuzzy Hash: 66414B34A10209DFDF64DFA4D988AEEBBB6FF48705F204518E902AB261C772AC55CF50
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b1dbb851aee1908887e7bd73c40361e88ac553d54896bd20a9812f02d229877f
                                                        • Instruction ID: d4bab9e0c553932a95ba146317657708bac97823de36294b95b33a7af163793b
                                                        • Opcode Fuzzy Hash: b1dbb851aee1908887e7bd73c40361e88ac553d54896bd20a9812f02d229877f
                                                        • Instruction Fuzzy Hash: B541A235B00319AFDB44DBA4DC94AADBBB6EF89311F104525EE06AB394DF709D41CB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab871e0489d8053080509891bbcec473e4f7819fc4694c4b11ac4f812ac17a23
                                                        • Instruction ID: 57152bac158c889247217988b9b3818aad26776b66e9ac52d683ad6304832290
                                                        • Opcode Fuzzy Hash: ab871e0489d8053080509891bbcec473e4f7819fc4694c4b11ac4f812ac17a23
                                                        • Instruction Fuzzy Hash: 0641BC713006108FC764EB2AD884A6ABBF6FF88311B14886AE656CB371CA75EC40CB50
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dced96600a8bf03ea573984474d0db40ffc410f48c236f74de000aa2d300be45
                                                        • Instruction ID: 7d01a8da95b9d4867c217f1e0ef66e1d2d8587077b255cafb3520750d9f797e3
                                                        • Opcode Fuzzy Hash: dced96600a8bf03ea573984474d0db40ffc410f48c236f74de000aa2d300be45
                                                        • Instruction Fuzzy Hash: 5D41B031E14349CFDB44DB68E9947EDBFB1AF89309F1881A9D106EB382C6769C44DB60
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c4aac45cc00672225ee73b759abe039662645b352104880753fb712f380979d9
                                                        • Instruction ID: 0b7c1b8ead17593ff5e2c5f9f16454a4a0074de3828ad7b1929cbcf221b48770
                                                        • Opcode Fuzzy Hash: c4aac45cc00672225ee73b759abe039662645b352104880753fb712f380979d9
                                                        • Instruction Fuzzy Hash: F741B031A102069FCB64EB94D884BFE7BF2EF80315F50892DD15297590DF346A89DBD0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ccf5d751da5aa9e6fe2eb2390446db972ac72ab8bf564f2b540d3aa5f032b516
                                                        • Instruction ID: 0849a49a7f367683570a6c460538e41a7f1cdf476e5bb9edfe5a2680bd49cf5d
                                                        • Opcode Fuzzy Hash: ccf5d751da5aa9e6fe2eb2390446db972ac72ab8bf564f2b540d3aa5f032b516
                                                        • Instruction Fuzzy Hash: 60318135B200069FCB50CFA9D888AAAFBE6FF84315B18C17AD909D7751DB70E811C7A1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f0a874d56db8a6d111766d1b10d35ea77dcb5081f9d41413659a0facb5ece78d
                                                        • Instruction ID: 1f87163e3460ab6b8db9efec58df751ff68a7a3e650c4a539836404f2b4761b6
                                                        • Opcode Fuzzy Hash: f0a874d56db8a6d111766d1b10d35ea77dcb5081f9d41413659a0facb5ece78d
                                                        • Instruction Fuzzy Hash: 1A41BF706142558FCB55DF68D898A7EBFF6FF89200B044899E942CB262CB30DD05CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b23a0472cf285b5fa6d36b6df6ce8f4fd5b5729e3bd4eac70342705146e23fb8
                                                        • Instruction ID: 900d69f3ac0e536d7f4b75f4d7ec2b0eae19984432660fbdd05a16b15062ce3a
                                                        • Opcode Fuzzy Hash: b23a0472cf285b5fa6d36b6df6ce8f4fd5b5729e3bd4eac70342705146e23fb8
                                                        • Instruction Fuzzy Hash: DE41CE707042558FCB54DB68D888A7EBFFAEF89200F04485DE546CB362DB70AD05CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c139449284ab42c1de4688b2c53f044b7e22947f621fa389515d3f51aa15eb30
                                                        • Instruction ID: b9697ea9436bc20533df69d98f89d02e09496a382d6c906497a43fd0a3c293ec
                                                        • Opcode Fuzzy Hash: c139449284ab42c1de4688b2c53f044b7e22947f621fa389515d3f51aa15eb30
                                                        • Instruction Fuzzy Hash: 0841F3B1D002499FDB14DFA9C984ADEBFF6FF48310F24842AE818AB254CB716945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bee011c2ee6b73b00e1b42626f0e5b61361ba7ed7d909432a72f560890b37f8e
                                                        • Instruction ID: 4ce185101219a872ea4fce1eeaa8d95552d48185bff91431d4db11c8783ecbf5
                                                        • Opcode Fuzzy Hash: bee011c2ee6b73b00e1b42626f0e5b61361ba7ed7d909432a72f560890b37f8e
                                                        • Instruction Fuzzy Hash: EF41E0B1D1124C9FDB14DFA9C685ADEFBF6AF48300F24802AE805AB254CB74A945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1ac44afc6393c3fe0be1620981d7875c983eb912360fb9181227d7ab87585285
                                                        • Instruction ID: 63330d8408bc6cec4ee5d07bcc8630b222281760c983520361e0c6c867cd47be
                                                        • Opcode Fuzzy Hash: 1ac44afc6393c3fe0be1620981d7875c983eb912360fb9181227d7ab87585285
                                                        • Instruction Fuzzy Hash: 3D318D34710209AFCB51CF24C984EAE7FA6FF85321B048559EC468B3A1CB74E855CB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: da13dbbbc9dd99487ef26f2c62975f596cc7161320649307296ce8da0657c819
                                                        • Instruction ID: 4e6fed29a334647e49b3c72bb87e45477ff41e59c820d02b6f05623a2da19b0e
                                                        • Opcode Fuzzy Hash: da13dbbbc9dd99487ef26f2c62975f596cc7161320649307296ce8da0657c819
                                                        • Instruction Fuzzy Hash: CC31B235E10216DFCB50CF68D4808AAFBB1FF49325B158A99D969EB651D330F942CF84
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe5e8cd505999267794e19120726129341b7d8861373f7f63646df32594433bc
                                                        • Instruction ID: d17243cd265559a1a15b59003b5e5d3430d4d4973a5daf547dfc166f9647f742
                                                        • Opcode Fuzzy Hash: fe5e8cd505999267794e19120726129341b7d8861373f7f63646df32594433bc
                                                        • Instruction Fuzzy Hash: 644138B1D01249DFDB14CFA9DA84BDEBFF6AF48304F24802AE805AB250CB709945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e3be9ab269dbb373c9984c466ae23ea7dd727f542d1ec090a1f7140fa9986d1a
                                                        • Instruction ID: 60f2e451d7e216d5b24761f58380bed6c41a2bc74190549ed367255633706e5d
                                                        • Opcode Fuzzy Hash: e3be9ab269dbb373c9984c466ae23ea7dd727f542d1ec090a1f7140fa9986d1a
                                                        • Instruction Fuzzy Hash: 4C4114B1D112489FDB14DFAACA84BDEBBF5EF48304F24842AE805AB254DB746905CF91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f5eb952b9d1c1834e57518710cec739ef434f424d9ff1819f5bd70e4a9e13314
                                                        • Instruction ID: e3ee93d9c658ce2f902e8c76aa64d8fb083b4bf9b8cd587babe9cfcc7ebc7bee
                                                        • Opcode Fuzzy Hash: f5eb952b9d1c1834e57518710cec739ef434f424d9ff1819f5bd70e4a9e13314
                                                        • Instruction Fuzzy Hash: 9C411870D112589FDB14DFAAC984BDEBBF6EF48304F24802AE805BB254CB715945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b2a92a734e28df9828fce7441859d3e94e2676bc0764cd68a292a06dfe52991a
                                                        • Instruction ID: c27ef6507a77de6c0448869983d63a813b798484842642f7936785c305ec94b0
                                                        • Opcode Fuzzy Hash: b2a92a734e28df9828fce7441859d3e94e2676bc0764cd68a292a06dfe52991a
                                                        • Instruction Fuzzy Hash: B931D2B1E006159FDF65EF64C5806AEBBF5EF98710F148529D816BB350CB30AC848BE0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af0a9d968b996d61a1641475dc55b83d2b4b1e0a94ad4c2133559f5fc3601b2a
                                                        • Instruction ID: a93242cf614dc0c7db1aba6c71ab420c6fe1d4c25f5c50d28f04720bd2a37305
                                                        • Opcode Fuzzy Hash: af0a9d968b996d61a1641475dc55b83d2b4b1e0a94ad4c2133559f5fc3601b2a
                                                        • Instruction Fuzzy Hash: 4B4112B1D0024C9FDB14DFA9C984ADEBBF6BF48310F24802AE818AB250CB716945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8a6292d9867620483c9e319577e6652c7631b8c8907f8bd3d2a2fce347a3da9c
                                                        • Instruction ID: f177cbeca6e7c671582bb32354b1ba0b59ba558bf40a86d0e0584dcffb8ab2e2
                                                        • Opcode Fuzzy Hash: 8a6292d9867620483c9e319577e6652c7631b8c8907f8bd3d2a2fce347a3da9c
                                                        • Instruction Fuzzy Hash: C0312375B105168FCB54DF68C988C6ABBF9FF4862071141AAE909DB371DB30EC01CB91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60e1465eaa50d39e75e22d52c3e9794672c567590981e37b35ad743e1d4a3e55
                                                        • Instruction ID: c1bf737a31c452918f8e0d7e30ed4b2f1aecf96f98bfcd83d45b14e9ef7be2e0
                                                        • Opcode Fuzzy Hash: 60e1465eaa50d39e75e22d52c3e9794672c567590981e37b35ad743e1d4a3e55
                                                        • Instruction Fuzzy Hash: 1941EEB0D1124C9FDB14DFA9C684ADEFBF6AF48300F24802AE805BB254CB74A945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ef4f1d6106843be9e173747349e4edf14586bca542e84175bfaeac44ea086255
                                                        • Instruction ID: 4bdbdca2112872291bf9e6d3b40b0f6d8c279564e08b756d913b0bcf3b3e8fff
                                                        • Opcode Fuzzy Hash: ef4f1d6106843be9e173747349e4edf14586bca542e84175bfaeac44ea086255
                                                        • Instruction Fuzzy Hash: 3B31AD75A003058FEB59EF75C5645ADBFB2EF89200F148429D916EB394EF348846CF51
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1747508fda96d2b75e460d130c0030030eee5686affc440b77f2e2f8d580f729
                                                        • Instruction ID: 77609792509adfdff2be7e7291d4da17d81c76d0dad3b0cc929a3d85440bc109
                                                        • Opcode Fuzzy Hash: 1747508fda96d2b75e460d130c0030030eee5686affc440b77f2e2f8d580f729
                                                        • Instruction Fuzzy Hash: 612183755093808FC712CF24D994715BF71EB86324F29C5EAD8458B697C33A980ACB62
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8e043b1c53a8f628a65313ffea3b0ff925d3ad078207d30fcaadad9da4c5861
                                                        • Instruction ID: e9b319f83091bcc2bad6bf8f51637616a411d9361e4fe07b71a7c48c61a9f24e
                                                        • Opcode Fuzzy Hash: d8e043b1c53a8f628a65313ffea3b0ff925d3ad078207d30fcaadad9da4c5861
                                                        • Instruction Fuzzy Hash: 301121B23583824FC366DF79DCD4D5A3FA2AF8530231542AAE444CF2A6DA34DD05DBA1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 50bf7282c00a57d92afc3c55423cc6cdd712ca314565e36e0d49ca4d33a006ad
                                                        • Instruction ID: 3560cad5673507bedad07e84c01411746eb7c074a036d828b811bcdfa68d0fc7
                                                        • Opcode Fuzzy Hash: 50bf7282c00a57d92afc3c55423cc6cdd712ca314565e36e0d49ca4d33a006ad
                                                        • Instruction Fuzzy Hash: AD213874A1020A9FDB14CF69C984FAABBF2EF8C310F248159E804AB350CB70AD45CB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af5b596a400170a17ab58e6fb3f968f9c01688808dc3c5422de4c7451611f46c
                                                        • Instruction ID: ab04b3a295903cf78fe28502fdfcda2c81a0dfe5d022dbf21ce6ddec6e75c934
                                                        • Opcode Fuzzy Hash: af5b596a400170a17ab58e6fb3f968f9c01688808dc3c5422de4c7451611f46c
                                                        • Instruction Fuzzy Hash: FE211A70B00109DFDF45EF95D884AAEBBB6FF88350F109015F951AB260DB30DA51DBA0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 132ac93b1336fd6f8a3b68a8b570881c9f2e4cee00cd24f7c47e114d8657cc01
                                                        • Instruction ID: 1f609dc020e53f3bfc737051f834cb709b20b330bb644551100b30462cc65663
                                                        • Opcode Fuzzy Hash: 132ac93b1336fd6f8a3b68a8b570881c9f2e4cee00cd24f7c47e114d8657cc01
                                                        • Instruction Fuzzy Hash: DF1172B1E002089FCB55EFA8D8906DF7FB2FF84300F50896AD1059B654EE715A489BD0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1baf8f0e527020db0151574685d7b9dfc6ab6e9897ca1333d6e579ba6de0a2cd
                                                        • Instruction ID: 33ac5d9f59008e36feaa6663e32306726914143934715c9b213b3c13232a435c
                                                        • Opcode Fuzzy Hash: 1baf8f0e527020db0151574685d7b9dfc6ab6e9897ca1333d6e579ba6de0a2cd
                                                        • Instruction Fuzzy Hash: 1F11A0B16052619FD394DF2DD8D449ABFE4FF8921070055ABE049CB352CA30D844CB95
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c64199830d1436b91538de8ed056722336747b5a5a95e898016cfff721f89328
                                                        • Instruction ID: ee30ba82b9d20f16ec59111e15b0d2aa90d5b843e943e81bf3cdd6d5e117b377
                                                        • Opcode Fuzzy Hash: c64199830d1436b91538de8ed056722336747b5a5a95e898016cfff721f89328
                                                        • Instruction Fuzzy Hash: CA21E7B4E14209DFCB44EFA8D4859AEBBF2FF89310F504499D856AB350DA30AE44DF91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f36adc136c881e8b2dd22a446c859d5ea53b0bb42d9d0d9ebc6e073dbfd80316
                                                        • Instruction ID: 4bfda656a24e3ec6441e6ecb4b0d31325888944b0faf6665d778620db7323481
                                                        • Opcode Fuzzy Hash: f36adc136c881e8b2dd22a446c859d5ea53b0bb42d9d0d9ebc6e073dbfd80316
                                                        • Instruction Fuzzy Hash: 961139363101149FCB04DF59E884C9A7BAAEF8C725B108056FA068B371CB72DC61DBA0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ca20b92518cad73db661b1d68ef5bcbb6542d4346068d6097594485333d3fbd8
                                                        • Instruction ID: 3988c65615878b6cad716b94894047b713d4464fec0aad6f257798839099f7ba
                                                        • Opcode Fuzzy Hash: ca20b92518cad73db661b1d68ef5bcbb6542d4346068d6097594485333d3fbd8
                                                        • Instruction Fuzzy Hash: F4F081367202164BEB9071AAB900EB6B7C9DBC5565F044576DE0CCFA41EA75C812C3A0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 82f9c274a3221677eeadd34c9ec29bd59868298e06e4432487cf930a064a946c
                                                        • Instruction ID: eac2675755000da81e0e01bad1942851249002c4c99c8c795572168fa024d84a
                                                        • Opcode Fuzzy Hash: 82f9c274a3221677eeadd34c9ec29bd59868298e06e4432487cf930a064a946c
                                                        • Instruction Fuzzy Hash: 56113D747196008FDB19FB24D594B2AB7B2EF85348F009A18D0860B7A9CF766C12CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                        • Instruction ID: bbfe9e30d512a0139e535e154496a45ff709b362e92bde77f3f3b938b25d11a3
                                                        • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                        • Instruction Fuzzy Hash: 9911DD79904280CFDB11CF10D5C0B25BFA2FB84328F24C6AADC494B696C33AD84ADB61
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                        • Instruction ID: b226d8eced876325da9bb4d41d89ecb4cd4e9b244432004d52e226815a417eb1
                                                        • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                        • Instruction Fuzzy Hash: 2111DD75904280DFDB15CF10D5C4B15BFA2FB84328F24C6AADC094B656C37AD94ACB61
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 95376814f4f13af957b0ca8cabb6034ab99dfa3ece923ad96b2e2fc5a13c73bf
                                                        • Instruction ID: a814b5cc4ba3caf2343c7ac29402cb73c61a1c6ab9c300b066529344dd27a82d
                                                        • Opcode Fuzzy Hash: 95376814f4f13af957b0ca8cabb6034ab99dfa3ece923ad96b2e2fc5a13c73bf
                                                        • Instruction Fuzzy Hash: FB119D759046808FDB15CF14D684B15BFA1FB85328F24C6AED8494B652C33AD84ECB51
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 95376814f4f13af957b0ca8cabb6034ab99dfa3ece923ad96b2e2fc5a13c73bf
                                                        • Instruction ID: f00e6873731855af6db62d458386b3a9c7b1627eccdf1a32e697208716c20755
                                                        • Opcode Fuzzy Hash: 95376814f4f13af957b0ca8cabb6034ab99dfa3ece923ad96b2e2fc5a13c73bf
                                                        • Instruction Fuzzy Hash: 1811BF79904680CFDB15CF14D6C4B25BFA1FB84324F24C6ADD8494B762C33AD84ACB92
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction ID: 3e9bbbab79e93a1551426daab211a6ab5dd9ae5350688807c86597c6bcfa49fa
                                                        • Opcode Fuzzy Hash: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction Fuzzy Hash: 1511CEB59046849FDB15CF24D9C4B25BFA1FB44324F24C6ADC84D4B792C33AD84ACB92
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction ID: 875bdd8e2c201e54aa67346a265c8f3a656dd24c7ceac9ba616e9c3d1d3fcf6b
                                                        • Opcode Fuzzy Hash: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction Fuzzy Hash: AB11CEB59046808FDB15DF24D6C4B25BFA1FB44324F24C6BEC8494B662C33AD84ACB92
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction ID: 4d0aede8146d33f37947bfe2b98595ef0208e7e9f420d56050aadffa4fb2bea4
                                                        • Opcode Fuzzy Hash: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction Fuzzy Hash: 81119EB59046808FDB15DF24D6C4B25BFB1FB54324F24C6ADC8498B652C33ED84ACB92
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2870166474.0000000000F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F4D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_f4d000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction ID: 7a86071f4e73787e23244bc7ca87a63ba58f970c898283c907ebba0e342a9471
                                                        • Opcode Fuzzy Hash: a597023fe9617df083137b22f2d1e1d9cba5b47bc6bba7a423d3dedd94599fb5
                                                        • Instruction Fuzzy Hash: 9C11E0B5904680CFDB15DF14D5C4B25BFA1FB84324F24C6ADDC494B652C33AD84ACB92
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 077ed639c0cc2bfabc920d566b0edb0b81f11d96ac762d93f85f5c4a600d2618
                                                        • Instruction ID: 62888366c5de55b7bcbe92fc9c578f1d6849837344e198b22b001077a91d461a
                                                        • Opcode Fuzzy Hash: 077ed639c0cc2bfabc920d566b0edb0b81f11d96ac762d93f85f5c4a600d2618
                                                        • Instruction Fuzzy Hash: 3E01F730B141029FC7118A699884966FFE6AF8521071882A5D408CB315DB70DC52C7E1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a36f560220264d29eefb3bc27258b5392e03cd1b7c69046df642825fa8ed9ca6
                                                        • Instruction ID: 077bbbc5c0f1ba946988c650cae726bd757498aaecf5e0e404efa8fea634a563
                                                        • Opcode Fuzzy Hash: a36f560220264d29eefb3bc27258b5392e03cd1b7c69046df642825fa8ed9ca6
                                                        • Instruction Fuzzy Hash: AF0124716143209FD3228B26C894EB3BFBAFF85301F04891AE58687951CA39E906C760
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 834c3d4d648e2d7fa3d574aa37ad10d866634686804e732cc2fe5fff7dfd3ded
                                                        • Instruction ID: e26fdef9cc6dea81ae90d7c03fd29699b3cba504795d82fac6fa473a573626cd
                                                        • Opcode Fuzzy Hash: 834c3d4d648e2d7fa3d574aa37ad10d866634686804e732cc2fe5fff7dfd3ded
                                                        • Instruction Fuzzy Hash: 8A017C713162419FD7A4CE2DD890E2ABBE9EF89360718806AEC49CB352DA31ED00C760
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52f5e1a069928c9d79bf6292a9410026655a7238dbb3e80a34973eeb035597ea
                                                        • Instruction ID: a2886fbd34bb9355f0d5873a8687fad5151b6833d27cf832d3132f4b2e4638c0
                                                        • Opcode ID: ee90f9b28f8a969fb17019a3e6a2cc247bc9d64cb350b652b9a74bf0c8824433
                                                        • Instruction ID: 29d49e8cb500764ab86a97332940d3f4ed99aa2a294230b64dc54d16e61ddb45
                                                        • Opcode Fuzzy Hash: ee90f9b28f8a969fb17019a3e6a2cc247bc9d64cb350b652b9a74bf0c8824433
                                                        • Instruction Fuzzy Hash: 8F01B670D00219DFCB94DFA5D8409AEBBB1FF48314B10C929D559A7240D775AA52CF90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9adec48033459b289347dc7db4b7591426a054122cc81068cf40686456652b60
                                                        • Instruction ID: 2a505f5a692228e52ccc8cf73b620eebf57ea0133205d4daf1da7f4ac47e367e
                                                        • Opcode Fuzzy Hash: 9adec48033459b289347dc7db4b7591426a054122cc81068cf40686456652b60
                                                        • Instruction Fuzzy Hash: F6F01930D0031ADFCB44DFA5D8805AAB7B1FF48304F208969D959A7250D771A942CFC0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9e51dc600b77bf4f8ade7ac59900ce044e283cb07a30432b749d8cc4bc43f605
                                                        • Instruction ID: 6af8b8b8667239a57428fd358f558aaaff845ac11fdf0b21f37b104d23eb58b5
                                                        • Opcode Fuzzy Hash: 9e51dc600b77bf4f8ade7ac59900ce044e283cb07a30432b749d8cc4bc43f605
                                                        • Instruction Fuzzy Hash: B8E02BA13083503BF200667D58606276BAEDBC1665B440876E605DF680EE90EC0043E1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d02be04d7e12af0485f7bce9b83e8ce234c1a689d0a788a5069d23d8d7f57659
                                                        • Instruction ID: 57e6b12bd38b6bdcc6f8ad42fdd061b89ae14c7626f6513f8b699fb7b6d76b3d
                                                        • Opcode Fuzzy Hash: d02be04d7e12af0485f7bce9b83e8ce234c1a689d0a788a5069d23d8d7f57659
                                                        • Instruction Fuzzy Hash: D1F0A739A201468BCB14CEBCE559695BBF6AF48311F148A3AC585D3108DB349415CB51
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 19f4e03d50836a4d9f2b4a6254f0c0c7be537040eb31aaf954dde8cd6455ddec
                                                        • Instruction ID: 2c1c55927404d09e6931b21fc6b0287e93b94a23c912c839f25a7a5a5c574a6d
                                                        • Opcode Fuzzy Hash: 19f4e03d50836a4d9f2b4a6254f0c0c7be537040eb31aaf954dde8cd6455ddec
                                                        • Instruction Fuzzy Hash: E7F089702096569FCB01EB28E8C1996BF75FB413143405A59F0415F527CF65BA8787D1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9c72152718fa2a4f960c7535016a68d30bc4a3c920694c51d4ad4884d117100f
                                                        • Instruction ID: aa46201b1617f8933929ad71e95c37cdc6d81776237334fc7673cb5a72d11464
                                                        • Opcode Fuzzy Hash: 9c72152718fa2a4f960c7535016a68d30bc4a3c920694c51d4ad4884d117100f
                                                        • Instruction Fuzzy Hash: F6E0ED302007008FC3069B68EA896287FF2EF85321B10195AE0C6CBA51DA356944CB90
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8a31d7d2978a8a685b101ca488df108fdf88ea98d2be577263d626ec826dc1d1
                                                        • Instruction ID: f1c2911b372947cc453fe4cfc50dbbcde3743a0490bb80cd62fe8f0b0748b6d9
                                                        • Opcode Fuzzy Hash: 8a31d7d2978a8a685b101ca488df108fdf88ea98d2be577263d626ec826dc1d1
                                                        • Instruction Fuzzy Hash: 3BE012363292A12FC616A6B868A08FB5FAACACA5503590DBBE198D7741C9744D0393A1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b90d8e201d1ec8b81f90bc3e975c8842e825a8bf079508130906c79e10c2aabf
                                                        • Instruction ID: 24331c60390fa4930958db93cbffb57f4a50eed4f9b50652167775c6529da226
                                                        • Opcode Fuzzy Hash: b90d8e201d1ec8b81f90bc3e975c8842e825a8bf079508130906c79e10c2aabf
                                                        • Instruction Fuzzy Hash: 78E0C2712593401FDB421BF1681C3663FA8DF42614F1404E6FA48C7643E89044008792
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52067e6507815007d5b979577417d42396154f892f895078a101c12ca5451afb
                                                        • Instruction ID: f4b21e442ee00f6eca9632205267cd5788d9e433abd1792727ecd51060470f35
                                                        • Opcode Fuzzy Hash: 52067e6507815007d5b979577417d42396154f892f895078a101c12ca5451afb
                                                        • Instruction Fuzzy Hash: EBE04F312007109BC729EB2AE48495FBBFAEED53513409D3DE54687A14DEB2B98586D0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 965acd648568169537b4df6c0d237e08a0049fbc27242080c6e1c744875af717
                                                        • Instruction ID: ee7c6882e8bb709479750e92f8173ad80e88c6b4020f18e846cb839165fec046
                                                        • Opcode Fuzzy Hash: 965acd648568169537b4df6c0d237e08a0049fbc27242080c6e1c744875af717
                                                        • Instruction Fuzzy Hash: 84D05232702020274648219E2C848BFBA8EEAC99BA394403AFA1DC7304CCA18C0642E6
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f1feaeb10894bdc3cbf28c624012d78d56e017a40eb47f6036ebcc58f52dc78
                                                        • Instruction ID: 8bffc804c49e35e5bc0acc1a5f6c294293c45af87b7e0f6b6a0b00a798974283
                                                        • Opcode Fuzzy Hash: 3f1feaeb10894bdc3cbf28c624012d78d56e017a40eb47f6036ebcc58f52dc78
                                                        • Instruction Fuzzy Hash: 7FD02B31A0020552DF30542EAC44AABBF9CCBC5270F04013ADD8C43144DA30F815C2E2
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b45775c12b1e474e95387870466dae7ce148d32c1af262da52e4ae6187499fac
                                                        • Instruction ID: f266a06e72c322f13c9a7b6f37b2145752b98e473c618fc458cd92435a7b2814
                                                        • Opcode Fuzzy Hash: b45775c12b1e474e95387870466dae7ce148d32c1af262da52e4ae6187499fac
                                                        • Instruction Fuzzy Hash: 8AD0A73173015063D60515496819F7B3ADFD7C4B61F144037F605D7280DEA68C02C3E1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db11512db0d30102f6b3b6d5e8bb281f19844335fe5413da11f1b05d320ceb10
                                                        • Instruction ID: 6eb6c9340a38314f88dd206517f3aea3f0c8161b09fd0933e6734dcd19bc29b9
                                                        • Opcode Fuzzy Hash: db11512db0d30102f6b3b6d5e8bb281f19844335fe5413da11f1b05d320ceb10
                                                        • Instruction Fuzzy Hash: 99E0C2312007046BC215A768E489A6E7FEAEFC5B66B00182DF44687B00DE7678458BD4
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 935e7858533ba2b759f1fc346af19731fec4b0faa967d531896d6aaa16c42ead
                                                        • Instruction ID: 093aac41555a6519d31acfa0cc63b461720f14db67dd4944fdb7da62971810aa
                                                        • Opcode Fuzzy Hash: 935e7858533ba2b759f1fc346af19731fec4b0faa967d531896d6aaa16c42ead
                                                        • Instruction Fuzzy Hash: DCE0C2344163444AEBA43392E9AB3783E984F81219F488159F88A0AE859ABE8087CF50
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 94fb31a2b9584522c4eff4726cd9548a2ccefe2a39833f0c1d344c4e8103a2bb
                                                        • Instruction ID: 7c2e38525a5b5a7edd039bf8fc742d3b99d0f33d4cf43c47b142f59eeb44c0c4
                                                        • Opcode Fuzzy Hash: 94fb31a2b9584522c4eff4726cd9548a2ccefe2a39833f0c1d344c4e8103a2bb
                                                        • Instruction Fuzzy Hash: 38D05E313596424FD749CB79C8145647FE6AF5521431A10E6E488C73B3EA19CD418715
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4b92ec8e2f04d56684969700513aa80e967e8687218d4da2bf611d70ec93b13e
                                                        • Instruction ID: 43244f1b3f1d283eeffcf758345c79b73d00ab970b5ca76014a0cd06691baca2
                                                        • Opcode Fuzzy Hash: 4b92ec8e2f04d56684969700513aa80e967e8687218d4da2bf611d70ec93b13e
                                                        • Instruction Fuzzy Hash: A0D05BB090010CEFCB44EFA4E94165DB7B5EF45205B504A99E408D7300DE311F009BC1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 92bd0179007057abea170c897124d969e55ae2a44cd304e1d564dd2e1427ee7a
                                                        • Instruction ID: 016648eb11a314055de674de144f288679fedfd053c10bf7571dc0c308e09f26
                                                        • Opcode Fuzzy Hash: 92bd0179007057abea170c897124d969e55ae2a44cd304e1d564dd2e1427ee7a
                                                        • Instruction Fuzzy Hash: 35E0123096031FCFDB14EFD0D555A7E77B1FB54304F208858D801A7244DB759546CB80
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c10d52fb4331577f94f9958c2f4ce118825ad6f66c217be63d983afb699612c
                                                        • Instruction ID: 51e1249ba243c7a88672c9eb69f842367d2e72151569bf7ca8b2b1cb49ef3a49
                                                        • Opcode Fuzzy Hash: 0c10d52fb4331577f94f9958c2f4ce118825ad6f66c217be63d983afb699612c
                                                        • Instruction Fuzzy Hash: A0D0127660131A97CB155A55D500861BB2AAF8956832880ACDD4C0F715CA33EC43C7D4
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 44c58f2937edd59deaf7d4c1ee6a3f48cf460efc69859aa799611130032bc6c0
                                                        • Instruction ID: 5226fa90c21207a8b76f31613f5b90f7c394ff8dd2361154231c2069b17b80bb
                                                        • Opcode Fuzzy Hash: 44c58f2937edd59deaf7d4c1ee6a3f48cf460efc69859aa799611130032bc6c0
                                                        • Instruction Fuzzy Hash: 92D08C3036031A8FAB4CDABEC441A79B7DE6F8891435240E5B94DC73B3EE29EC014660
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3126936673.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6ae0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f0e7f836b8370203c4aa4775b3a377e37544f9a31b04bf7884535925c1546e4f
                                                        • Instruction ID: 278477e86ce80edbb196854b5dce656e17a66a863836bd7636eb8ff4a41413e8
                                                        • Opcode Fuzzy Hash: f0e7f836b8370203c4aa4775b3a377e37544f9a31b04bf7884535925c1546e4f
                                                        • Instruction Fuzzy Hash: BED09E3AA0010DCFDF10DF95F955AEEB772FB44315F20422AEA1563251C3725925DF91
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 340fafd02c84750284415aad85ba8afa5abf87ebeb0a4244eb51ae0562984baa
                                                        • Instruction ID: 9d14a7b8f34f63746466ef2ea58faad2c64d76a93ef5753a34dca95f9a6f444e
                                                        • Opcode Fuzzy Hash: 340fafd02c84750284415aad85ba8afa5abf87ebeb0a4244eb51ae0562984baa
                                                        • Instruction Fuzzy Hash: EAC0123024D381AFC3038F24A94AA06BF619F43700F054486E2808D093C2A04864DB32
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.3107636187.0000000006270000.00000040.00000800.00020000.00000000.sdmp, Offset: 06270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_6270000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d8b781cbf35e84a051f90499bb4e5a90f8801cea7672b1aca5336a20efb49ec
                                                        • Instruction ID: 6553206e41f34982c8c2ec031096eb0431f69a6e7bb27c3af5190916f984f5f3
                                                        • Opcode Fuzzy Hash: 5d8b781cbf35e84a051f90499bb4e5a90f8801cea7672b1aca5336a20efb49ec
                                                        • Instruction Fuzzy Hash: 0DC04C608193C14FCF1A9F65AD981143FB0994260571500C6D4C18B293D5148505C762
                                                        • Opcode Fuzzy Hash: ce6e467bde63735fe3e138eda574c671e58dafe0fd36ce0eb607be8288389adb
                                                        • Instruction Fuzzy Hash: 9A31D970A002089FDB14EF79E89469DBBB6FF85314F00452ED115AB395DF71AD05CB91
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0400b6e0eafd3aee65d435c4fd6d3152b1bffe7eebb484eed0f3fe173e409ca7
                                                        • Instruction ID: 743ecf573724516f2a07752a1d8d1d19041f432985f86755ecddd113acdda410
                                                        • Opcode Fuzzy Hash: 0400b6e0eafd3aee65d435c4fd6d3152b1bffe7eebb484eed0f3fe173e409ca7
                                                        • Instruction Fuzzy Hash: 6E21F170204701AFD709FB39E8C1A6E7BA6FF80300B048E29E0058F255DF74AD8A9795
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 77b2335e5c6d56c7a9800b6d2c42cc6def2910bf016af72d90f5d039e53b3b88
                                                        • Instruction ID: 41c9b5ccc678c6c0f09635deba0489cdc3f298a7632628e91e6b6a16abdf8a95
                                                        • Opcode Fuzzy Hash: 77b2335e5c6d56c7a9800b6d2c42cc6def2910bf016af72d90f5d039e53b3b88
                                                        • Instruction Fuzzy Hash: 8C31097491020ADFCB04EFA9D5C4AEE7BB5FB88314F10552AE901AB394DB326D80CF91
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1b5ded5b4c5cba0fd4353d89ce1183aec445f0e7198ac1cce5a2990e1eb8147d
                                                        • Instruction ID: 5d7307738fb9f03bfbeeea1d6804dd09b99277268e111a64aee7e76e743b8e55
                                                        • Opcode Fuzzy Hash: 1b5ded5b4c5cba0fd4353d89ce1183aec445f0e7198ac1cce5a2990e1eb8147d
                                                        • Instruction Fuzzy Hash: CC217C74B016149FCB19DF6AD598A6EBBF6AF88600F644069E806EB361DF70ED01CB50
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07c1a358ddfbdcff5555fe575ba3a6b89a3249a11232938b7f3e1f53699c137d
                                                        • Instruction ID: 6c8365b9d3980d1c7bebc21a5da96392c19c87978f8eba6f6a16329383bab5ee
                                                        • Opcode Fuzzy Hash: 07c1a358ddfbdcff5555fe575ba3a6b89a3249a11232938b7f3e1f53699c137d
                                                        • Instruction Fuzzy Hash: 6F31FAB0E14218DFDF19EFA5D8846ADBBB6FF88304F10552AD802AB264DB355845CF10
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 128319d977e539c98bfd23713f8057e7282b716fdd231e4cdf4381efa6adc59f
                                                        • Instruction ID: 5f3f51f0cd3f187b577785a3ca13d16c834f9a9e00245dd452e29946db2fc4f1
                                                        • Opcode Fuzzy Hash: 128319d977e539c98bfd23713f8057e7282b716fdd231e4cdf4381efa6adc59f
                                                        • Instruction Fuzzy Hash: B621AF70A442889FDF06CBA8C494BDCBFF2EF49310F654099D441BB2A2CB355D46CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e52805c28c0503cade1ea33519ce1029ed3e76924690c04afff9160414fa646b
                                                        • Instruction ID: 049e32d441277e3d36b5919c99d0258bceebefe02fdfc58b51325f8302ec2682
                                                        • Opcode Fuzzy Hash: e52805c28c0503cade1ea33519ce1029ed3e76924690c04afff9160414fa646b
                                                        • Instruction Fuzzy Hash: E721A1702006015BD709FB79E8C0A6E77A6FB80310B048E28E4059F655DF75BD899BD5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f492700470acb31fc8cf12f1bf5e79d51fb8b0b88f1592e18efc23e21ec537e8
                                                        • Instruction ID: 36c90c3c0d4a17c6e979c1b865475b91783d345efe67b162a5b216dcabbaf5c1
                                                        • Opcode Fuzzy Hash: f492700470acb31fc8cf12f1bf5e79d51fb8b0b88f1592e18efc23e21ec537e8
                                                        • Instruction Fuzzy Hash: F8213C70E10218DFDF18EFA9D880AADBBB6FF88300F00912AD811B7268DB315801CF51
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d30732db5ebca5406231c1b5e0ee96d35e7536b41356826f5146479998dec16
                                                        • Instruction ID: 04233bf5c71984dc3a55211e0b1a4c0d91fb7b2f14f13cd0f79d3dee1c3962d5
                                                        • Opcode Fuzzy Hash: 1d30732db5ebca5406231c1b5e0ee96d35e7536b41356826f5146479998dec16
                                                        • Instruction Fuzzy Hash: 68215C71D40249DFDF18DFA4CA48BAEBBFAEF44304F108069D405A7261DB769A05DF61
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cac7766a6098cebbe61af808378b36702404f7ce329836ae9564d15d25491333
                                                        • Instruction ID: 797ec7a030bc89f405999b5cd400f4ffa99785ae3fdd1fd6b458c5136d0bbd1e
                                                        • Opcode Fuzzy Hash: cac7766a6098cebbe61af808378b36702404f7ce329836ae9564d15d25491333
                                                        • Instruction Fuzzy Hash: 62215675A402189FDF05CBA9C588BDDBBF2AF4C310F6000A5E405BB360CB35AD84CBA0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 374709ae9e3c11c483130c921dba4fda500dd47ca2a054c223648397851803d1
                                                        • Instruction ID: 906eb72bb58115e3255b651c5283f22b8b0088903a26aa8b2dcc66cd0c1e6938
                                                        • Opcode Fuzzy Hash: 374709ae9e3c11c483130c921dba4fda500dd47ca2a054c223648397851803d1
                                                        • Instruction Fuzzy Hash: B621C474A10218DFDF15EFA9D980AACBBB6FF88304F10412AE805AB365DB31AD41CF51
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3438a474ecbe2ccd61b8354dbf05ddb1f380756b57ea548ae6be05434d1a072e
                                                        • Instruction ID: 25940a9b2f30f302873e3a462293ae5c446b878c826623f404aea5b53524cb04
                                                        • Opcode Fuzzy Hash: 3438a474ecbe2ccd61b8354dbf05ddb1f380756b57ea548ae6be05434d1a072e
                                                        • Instruction Fuzzy Hash: 39014C3130D3805FD7067B799C610AE3FBAEFC651031844AAE405DB343CE255D0783A6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 261224786173ba769b7db92d1dedd8b82adba3d4e2ad677d1deeaa2048c94614
                                                        • Instruction ID: 975d005abac2b51f8864313b46f744b1223e039f5d2063dc02fc49f5f741735d
                                                        • Opcode Fuzzy Hash: 261224786173ba769b7db92d1dedd8b82adba3d4e2ad677d1deeaa2048c94614
                                                        • Instruction Fuzzy Hash: 6E110C34A542449FDB04EBB9E8997AD7FB3EB88311F008439D9069B281DF3E5C06DB50
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4dc08fcbd815e750df6233915a23249deaa25e74e715b4d9b5ba7975f6fd10dd
                                                        • Instruction ID: afa7b3c37c4dd156475891558467495eb86668906dd3d007e87ea31dc27b370a
                                                        • Opcode Fuzzy Hash: 4dc08fcbd815e750df6233915a23249deaa25e74e715b4d9b5ba7975f6fd10dd
                                                        • Instruction Fuzzy Hash: 0D01A4763002108F8704AB6EE49492DB7EAFBC9766314457EE605C7310DE36DC0287A0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7ebc131dfd58a1d2dac1ce292ab655262f7e0fbe81a6de1c2a1d80cacdd354f
                                                        • Instruction ID: 6562943565febaadf050b082e69a21d1d07b6ddf517aeb8c9ec093862ceb3b2a
                                                        • Opcode Fuzzy Hash: d7ebc131dfd58a1d2dac1ce292ab655262f7e0fbe81a6de1c2a1d80cacdd354f
                                                        • Instruction Fuzzy Hash: D001BC746047008FC702EB3CC81648B7BE2FF82A147108A6AE146DB32AEF74EC018BC1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7ce93c6ee22706c8917ff67f2d0afb61c578180bdb2f142c9152ab8c0663a1e
                                                        • Instruction ID: 568b8eb87d5b7d9a8a54aeb0c1f786aa3013812f69db50fcd9ffc4f782b3a43e
                                                        • Opcode Fuzzy Hash: d7ce93c6ee22706c8917ff67f2d0afb61c578180bdb2f142c9152ab8c0663a1e
                                                        • Instruction Fuzzy Hash: 8F01D734A182449FDF08EBBAE458BAE7FB6EB88311F004429D9069B280DF7A5C05DB50
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9994bee95e8ccab4662073a5abea6901d2b0aab35e0ff588cf03893bb56d7d5e
                                                        • Instruction ID: fd30dd7f256620eb56e466f67c2d7dd3b41024f4946d3f4fed63c303583bd7a4
                                                        • Opcode Fuzzy Hash: 9994bee95e8ccab4662073a5abea6901d2b0aab35e0ff588cf03893bb56d7d5e
                                                        • Instruction Fuzzy Hash: 85F0A0722046001BC709AA3EAD915EE2F67EFC1A10B08953DE8458BA46CE345D8757E5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 77cecf0db28a850a089060e6381363f2620da1be07fdcf970865456b9cab70a2
                                                        • Instruction ID: e1e2fb438d2dff4a545fd472e6fdfa021718244fcfeb767209e9762e756d4dc4
                                                        • Opcode Fuzzy Hash: 77cecf0db28a850a089060e6381363f2620da1be07fdcf970865456b9cab70a2
                                                        • Instruction Fuzzy Hash: C3F064716106008FC711EB7DC50585B7BE6FF86A147108A69E64AEB329EF71EC048BC1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 76a5828da49ddc6871e1765d3c1ba4615d424813cd20d344cf2697ffacc2c5f7
                                                        • Instruction ID: 7d8f586013238a9d781759d78a1cb326a818dce9810d5b5ffd1ec1e6f8d7d798
                                                        • Opcode Fuzzy Hash: 76a5828da49ddc6871e1765d3c1ba4615d424813cd20d344cf2697ffacc2c5f7
                                                        • Instruction Fuzzy Hash: BEF05E753002109F8704AF2AE49892DBBAAEBC9765324817AE909CB310DF31DC028BA0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 26e1f41c02b27cb06b8b3f1df44ae12b659a7e91570c486a9713568a156047d2
                                                        • Instruction ID: 8be93191b955b4a5704c1438cf3787927718f286e316df5dc304ed8af75efa23
                                                        • Opcode Fuzzy Hash: 26e1f41c02b27cb06b8b3f1df44ae12b659a7e91570c486a9713568a156047d2
                                                        • Instruction Fuzzy Hash: 0DF09670A14349EFDB40EFB9E58549DBFF1EF55300B1086AAE405EB252D6305F46DB42
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8c4f5b280e05105557dfc523a05cb10937ec00ab0077805ac1b103af0dbd2318
                                                        • Instruction ID: bfd399adadd9e5496ec6a0071de6c3f83b40ea1e59ffcf7630fed189bf76b7fe
                                                        • Opcode Fuzzy Hash: 8c4f5b280e05105557dfc523a05cb10937ec00ab0077805ac1b103af0dbd2318
                                                        • Instruction Fuzzy Hash: 37E0ED713042042FA718B6AAAC9197F6A9EFBC9A607540829F409EB344CE266D0243A9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cdc625504bb78c35af647dcf065ff5c63184de4899e5d0a00d5e3be0558328dd
                                                        • Instruction ID: 60c527dc798007c5f6d41299607c6ff45614982d287fc182f2fc9f458518dcf3
                                                        • Opcode Fuzzy Hash: cdc625504bb78c35af647dcf065ff5c63184de4899e5d0a00d5e3be0558328dd
                                                        • Instruction Fuzzy Hash: F3F058B1E20119CFDB84FFAC98456DDBBF0EF48210B108076D519E7241EB708A128B91
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2190000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d328b647bfdfe049c9fa4bfcbdbc99f3886a83da2e64d1a0420788ea7363f111
                                                        • Instruction ID: c5c46a2fce0d40642e16898e6d06ecf1153337f91f926a246bbaa73c87b2bd66
                                                        • Opcode Fuzzy Hash: d328b647bfdfe049c9fa4bfcbdbc99f3886a83da2e64d1a0420788ea7363f111
                                                        • Instruction Fuzzy Hash: D5F08270A00309EFDB40EFA8E5455AD7BF6EF44200F1046A9A408EB244DA306F019B41
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.2889449449.0000000002190000.00000040.00000800.00020000.00000000.sdmp, Offset: 02190000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e77b9c18594cd9150ac01525e45b7458db767ee14ecb389b000390e6185cfa2a
                                                        • Instruction ID: b8bafb11abe69535eacded65db089521d5a88f948baecc2a687365d43dfda3df
                                                        • Opcode Fuzzy Hash: e77b9c18594cd9150ac01525e45b7458db767ee14ecb389b000390e6185cfa2a
                                                        • Instruction Fuzzy Hash: 0E4138B0A006089FEB08EFA5E8949ED7BB2EB88344F14656DE501B7394EF359D41DB20
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a3ff74cf50e31d15c36ae60d65ab022289ed7aa79bf9a888bcd472270faa2364
                                                        • Instruction ID: ac680166bf53a11e6acab02060113f88b9d681e0a13b22e846b607ff28494115
                                                        • Opcode Fuzzy Hash: a3ff74cf50e31d15c36ae60d65ab022289ed7aa79bf9a888bcd472270faa2364
                                                        • Instruction Fuzzy Hash: CE411935B40514DFCB04EFA4E5989ADBBF2FF88341F2090A9E806A7364DB349C41CB90
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 46fcfe7d13f1e9a99c2f0e12d8fa2261d65ffaeb585d3c0a92f26bcf225ae233
                                                        • Instruction ID: 1c690c6b2808b1447a9b93eb1540ef5ae903324c962a7a6d61ef3b457b6f7a41
                                                        • Opcode Fuzzy Hash: 46fcfe7d13f1e9a99c2f0e12d8fa2261d65ffaeb585d3c0a92f26bcf225ae233
                                                        • Instruction Fuzzy Hash: 41413774A00609CFCB05EFA8E8A49EEBBB6FF48314F1055A9E501A7368DB355D41CFA1
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 198bec30c30b20c6f77bbd32debd00ade836f64cd8d91f9c2e33291cba6c4446
                                                        • Instruction ID: fdd948d0f9db50d17a2716395f7d60c3440100cfa35eb9584ddc237ffd2087b6
                                                        • Opcode Fuzzy Hash: 198bec30c30b20c6f77bbd32debd00ade836f64cd8d91f9c2e33291cba6c4446
                                                        • Instruction Fuzzy Hash: 7F310774900609CFCB04EFA8E5A49EEBBB6FB48314F1055A9E501B7358DB746D81CFA1
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d82d62887881d8ffa2f6fff624ea06dd6acde8f181de75271940711d7ef61a1
                                                        • Instruction ID: c955828f7f4e1a4c5950bea9457193001c64b4fa6ef4596fe548cc17ed55fef7
                                                        • Opcode Fuzzy Hash: 5d82d62887881d8ffa2f6fff624ea06dd6acde8f181de75271940711d7ef61a1
                                                        • Instruction Fuzzy Hash: BF219C75B016149FCB18DF69E598A6EBBF6AF88740F644069E806E7361CF70ED01CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e4c98a2228cf22473090d6e03e0c466fb6721ebde0f746effc5f978228570c53
                                                        • Instruction ID: 34555f7e3f2c56280e0d7569a52dff527645a6e57356704124fe1128eb28c732
                                                        • Opcode Fuzzy Hash: e4c98a2228cf22473090d6e03e0c466fb6721ebde0f746effc5f978228570c53
                                                        • Instruction Fuzzy Hash: 94310570A006089FDB58DFA5E8946ADBBB6FF88344F24646DD901A7394DF359C41CB20
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e29157d47cd50d68e55b394eabb5677af7ccea9ff1d612ebdd9258f0ca53a375
                                                        • Instruction ID: dce53251942dfa18efdda08000b100ee563554f3016dc67c700752800dad33ea
                                                        • Opcode Fuzzy Hash: e29157d47cd50d68e55b394eabb5677af7ccea9ff1d612ebdd9258f0ca53a375
                                                        • Instruction Fuzzy Hash: 8C21F2702046015FC709EF78E89065DBBA7EF81304B048E2DE0058B6A5DF70AD898BB5
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b1d647fd5e89bee994c9929f74356e351cdd73f4ee598d0285d9df94706d1ee
                                                        • Instruction ID: aad5146d6ba33a8e69c1377f28cc0072e583e9c909a9a4bee49e8ee8047084f2
                                                        • Opcode Fuzzy Hash: 0b1d647fd5e89bee994c9929f74356e351cdd73f4ee598d0285d9df94706d1ee
                                                        • Instruction Fuzzy Hash: 062190702006016BD718EF79E890A6EB7A6EBC0314B049E2CE4059B755DF70BD899BF4
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1aa65a490a7bee6dba8f082f9ba59e5682b45bed846f037f6b0216bb63795377
                                                        • Instruction ID: 210df68ff1687e1f12b47c2cf0ee3c0e8b0c6a3394591f4b56c0984b28bcdb92
                                                        • Opcode Fuzzy Hash: 1aa65a490a7bee6dba8f082f9ba59e5682b45bed846f037f6b0216bb63795377
                                                        • Instruction Fuzzy Hash: E621AE76B447888FDB15CBA8D598ADCBFF1AF09350F155099D441BB2A2CB345D40CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 037f71db2fe9a441c77caeea11042c4c62921e1f186df3609d95bdfc5deb33f3
                                                        • Instruction ID: 0728507dcd94f51a4a98dc0be30316e0e4eb429bda13c4ed2f24f0b81dc22ba9
                                                        • Opcode Fuzzy Hash: 037f71db2fe9a441c77caeea11042c4c62921e1f186df3609d95bdfc5deb33f3
                                                        • Instruction Fuzzy Hash: AA21C031950245CFDB14CFA4EA097AEBBF1FF85344F149069C405B72A2DB719E05CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 96a5266d91f6e465e61491255b29e202cece06b6903a91d5aedd03b86afb566f
                                                        • Instruction ID: 9d4e293aa936d57be6eaf815b56e1db9221064c4dd748d4a364e7cd51130e0dd
                                                        • Opcode Fuzzy Hash: 96a5266d91f6e465e61491255b29e202cece06b6903a91d5aedd03b86afb566f
                                                        • Instruction Fuzzy Hash: 1D210270E005089FDB08DFA9E8909ADBBB6FB88344F10A12AE915B7358DB309C01CF60
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d5fb8bdba955a1db4576337cc6f1fbb616758ec3757bd3d792a303feb97c0444
                                                        • Instruction ID: 33393f52aca1d56a1d5553b3ed466aa3e00497e432d92f80761db2889402e33d
                                                        • Opcode Fuzzy Hash: d5fb8bdba955a1db4576337cc6f1fbb616758ec3757bd3d792a303feb97c0444
                                                        • Instruction Fuzzy Hash: A3212476B402188FDF14CBA9D588ADDBBF1AF4C314F2010A5E505BB3A1DB75AD84CBA0
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 924bbed00c1849356820b5934a370129fc10ee78988827e988f4bd7ab4344c79
                                                        • Instruction ID: 4d14d8cf3bad0512f15dd285de30191734546983f58389b89535655487516348
                                                        • Opcode Fuzzy Hash: 924bbed00c1849356820b5934a370129fc10ee78988827e988f4bd7ab4344c79
                                                        • Instruction Fuzzy Hash: 3B21E474A00208DFDF44DFA8E99499CBBB6FF88344F205169E905AB364DB30AD41CF50
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a2fdd4a841c09dfbb175b6ff852c720a6f1eaf52a5a24d89ddb92a4a4dc6b527
                                                        • Instruction ID: 10b6e2565d86d18f2efac8c18d3c7a7c51ff99ee99ccf5f2f8a7fdf7b8df7c63
                                                        • Opcode Fuzzy Hash: a2fdd4a841c09dfbb175b6ff852c720a6f1eaf52a5a24d89ddb92a4a4dc6b527
                                                        • Instruction Fuzzy Hash: 0311CE382007409FC712EF68D5844967BF6EF8635431089AED285CB36ADF71EC05CBA1
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4fe05119928043a467b39fdd6e2708f54238aff843473754c664e130baef717
                                                        • Instruction ID: 14bb1f3b5d9650766adbf12862233324649f94b0347d51bf325673962a114e44
                                                        • Opcode Fuzzy Hash: f4fe05119928043a467b39fdd6e2708f54238aff843473754c664e130baef717
                                                        • Instruction Fuzzy Hash: AC0124713082505FE70A6F68A8601AD3BBAEF86214358449BD405EB396CE245D06C7B9
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b8a5c7b12ef25d949fe2db2cb8ed8e37a0f51feb63acabd1a4e99abc23feb98b
                                                        • Instruction ID: c438c3f4cf859ebbf938a5e05b7415df51236f7058ffa0860b351e89968857e1
                                                        • Opcode Fuzzy Hash: b8a5c7b12ef25d949fe2db2cb8ed8e37a0f51feb63acabd1a4e99abc23feb98b
                                                        • Instruction Fuzzy Hash: D801DF733092408FC7569F68E864408BFB6EFAA39431984AFD545C73A3CA348C05CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f73598a4fc27ca87dfe758a86cc47f20adbe1efb4c265cb8b9c8a3a49ffbe776
                                                        • Instruction ID: 799416f690b55f30f71eaffe9901462f5ec28a6a7f34ac991f9fca501e7b37e5
                                                        • Opcode Fuzzy Hash: f73598a4fc27ca87dfe758a86cc47f20adbe1efb4c265cb8b9c8a3a49ffbe776
                                                        • Instruction Fuzzy Hash: 13113C34A646408FCB45EFB8E46869D7FB2EB89315F0444A9E50ADB386DF394C05CB51
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 526e369d9ec261ec79f51b0a820eb59bc5024062b2f4df22d87e24be4796a2cd
                                                        • Instruction ID: b9db87b4235127698642c1a2489902ca63658d33e86a5eca65090d13d11a9a81
                                                        • Opcode Fuzzy Hash: 526e369d9ec261ec79f51b0a820eb59bc5024062b2f4df22d87e24be4796a2cd
                                                        • Instruction Fuzzy Hash: 1B0131763102208B8B44AE69F49481AB7BBEBD9669314457AE606D7350CE75DC0187B4
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6fa942d7ff406c67f857fb6454baa4c4bae04dba83c84920e41746df1d9b3d85
                                                        • Instruction ID: c2015bb1072012160a4f4e9fc44cefa364b0fb32decc08d97f09f4df3be88390
                                                        • Opcode Fuzzy Hash: 6fa942d7ff406c67f857fb6454baa4c4bae04dba83c84920e41746df1d9b3d85
                                                        • Instruction Fuzzy Hash: 85010C34E602449BDB44EBB4E4787AE7BF6EB88701F004468E506E7385DF395C05DB61
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9bb053a1c5559046eccecc0390bcd301e4123a8fc429ff2c6bb4ae38cb21d2e
                                                        • Instruction ID: e288bbff5a402c4cf0a2934c9b20aefff41db567ebf94cf0ab541d1e6bbe23af
                                                        • Opcode Fuzzy Hash: f9bb053a1c5559046eccecc0390bcd301e4123a8fc429ff2c6bb4ae38cb21d2e
                                                        • Instruction Fuzzy Hash: ACF069756106108FC711EF38D50585B7BE6EF86614310996DE15ADB369EF71EC048BE0
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b5105a43c789d8a4691e328dab4725873ee34d9204fd8ee8ba3ee7652017f50e
                                                        • Instruction ID: 266c5b13d469663ccb8b1ce6683710fae26ba662fe4acf5eecd8701cd32626c4
                                                        • Opcode Fuzzy Hash: b5105a43c789d8a4691e328dab4725873ee34d9204fd8ee8ba3ee7652017f50e
                                                        • Instruction Fuzzy Hash: 8EF0F4706442859FEB05DF6CE99046C7FB2DF933187145AC9E484AF2D2CE306D01EB62
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.2884556866.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_11_2_e60000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a34f0225328b180cede719281fd52182d27142563cc57350ca2c8393ea64d52
                                                        • Instruction ID: 3a6c34c201e5869e6b563a4da1e0c9c27f30fe1cd733564acbe31042d21f6a48
                                                        • Instruction Fuzzy Hash: CE515C75B102068FCB04EF68D594A6EBBF5FF88310B5141A9E50ADB365DB30ED05CB90
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9d3216e2820e35a20daf129124686096988b1f520ef7db355bc43bc09de0f828
                                                        • Instruction ID: 9c4cb390e7b86881c1eed1ebc53d420b2387e58d0ad4813c45b61aabbaef0915
                                                        • Opcode Fuzzy Hash: 9d3216e2820e35a20daf129124686096988b1f520ef7db355bc43bc09de0f828
                                                        • Instruction Fuzzy Hash: 50411970A20208CFDB18EFA5E9959EDBBF2FF88310F10552AE901AB254DF745885CF50
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 83d087e4639e60080dc8d456f3e7ea37b3fd61ac6b56690f0d16c01420d740e9
                                                        • Instruction ID: d358ec82bdffd6d5d6ede700a3a3ebd7444075730fb189e87cd25e1c83c89cc7
                                                        • Opcode Fuzzy Hash: 83d087e4639e60080dc8d456f3e7ea37b3fd61ac6b56690f0d16c01420d740e9
                                                        • Instruction Fuzzy Hash: 67316CB5B106068FCB04DF69D994E6EBBF9FF88210B514169E509DB321DB30EC41CBA0
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fcd43abbe8c44bfc6fb6915632a018c3bad752f208bf9cd893971684fbf23b0b
                                                        • Instruction ID: 3632f5e9465545863e40d7e546f75946d3a0da43c67b5b57f232fe4b13fa0171
                                                        • Opcode Fuzzy Hash: fcd43abbe8c44bfc6fb6915632a018c3bad752f208bf9cd893971684fbf23b0b
                                                        • Instruction Fuzzy Hash: 5B315E70920208DFDB08EFA5E8955EDBBF2FF88350F14552AD901AB254DF745885CF51
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5458bd8ba697584a205280901035ab12f5b93b049b468586fd6c1453fed22c41
                                                        • Instruction ID: 3d1c59ff4daf9a95777b16a90f275e1382bd7e4fb8b974e6ed6a2c80864a8f54
                                                        • Opcode Fuzzy Hash: 5458bd8ba697584a205280901035ab12f5b93b049b468586fd6c1453fed22c41
                                                        • Instruction Fuzzy Hash: 9741FA34A20119DFCB04EFA4E595AADBBB2FF88311F148465E906AB364EB349C41CF50
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 774bbe10c44c4eeb9585cf5fe5127ca2526751166a1b7e115ecd268013de5e15
                                                        • Instruction ID: a9278b5f4e54683a88c7c26851862215cc875f7b4b05a29944bb38371070748b
                                                        • Opcode Fuzzy Hash: 774bbe10c44c4eeb9585cf5fe5127ca2526751166a1b7e115ecd268013de5e15
                                                        • Instruction Fuzzy Hash: 7231CF70A102198BC718EB78E8956ADBBF6FFC5310F508929D01A9B3A5EF706D058B91
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a36cf215f4eabd4dfc9a5bf2f48682eda76ed63de03dcc2123e47be53b04aafb
                                                        • Instruction ID: 5275cf1dbb969a4d6dd4bc6e08f2bcec7e64ab5d7c74f72835bd254457d18c02
                                                        • Opcode Fuzzy Hash: a36cf215f4eabd4dfc9a5bf2f48682eda76ed63de03dcc2123e47be53b04aafb
                                                        • Instruction Fuzzy Hash: 25418D74910209CFCB04EFA8DAA0AEEBBB1FF48310F105529E901B7358DB745984CF91
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7bd03a1dd8459b934ef9c5d897c5de09fe274730bea3191728f807585f7134c4
                                                        • Instruction ID: 623801c6589008fd5d9c9af6d0b86e929e0510324bd5effc6617b90160a02e78
                                                        • Opcode Fuzzy Hash: 7bd03a1dd8459b934ef9c5d897c5de09fe274730bea3191728f807585f7134c4
                                                        • Instruction Fuzzy Hash: E6316D7491020DCFCB04EFA8D6A49EEBBB1FF88310F105529E501A7358DB745984DF91
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11f68ed4ec6a464cb52a20d8b081f7dd61b14714286574af27851d3ab55109cb
                                                        • Instruction ID: 2bb184e9fe87af1b60decdc1e7bef15e28ebbe803ff0c971dffa8ff3c45394d4
                                                        • Opcode Fuzzy Hash: 11f68ed4ec6a464cb52a20d8b081f7dd61b14714286574af27851d3ab55109cb
                                                        • Instruction Fuzzy Hash: FB21B2312042025FD709EB79ECE0A9E7BE6FFC1220B444E29E4058F668DF70AD499BD4
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c31682cf51bbd47d22bcda11c3f5d81712770881b8c0b710e575d69c0fde4459
                                                        • Instruction ID: 288bd1bc801e22fd15db0aa5e582f9f03dd83e2fca6628b4b6877e8d092fcfd7
                                                        • Opcode Fuzzy Hash: c31682cf51bbd47d22bcda11c3f5d81712770881b8c0b710e575d69c0fde4459
                                                        • Instruction Fuzzy Hash: 7A2184702003065BD709EB79E8E0A5EBBE6FBC0320B449E29E4054F668DF707D499BD4
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: baba5cde39729fffa5815c6fe33b098850d26d3a8bd716beaadcb93c717f19d2
                                                        • Instruction ID: 78f263eeff0d3c12c11e9318bb53a88095d121cfca79596dcee965acd7905e70
                                                        • Opcode Fuzzy Hash: baba5cde39729fffa5815c6fe33b098850d26d3a8bd716beaadcb93c717f19d2
                                                        • Instruction Fuzzy Hash: 6C213575A102188FDB10CBA9D589ADDBBF1BF48310F6000A5E505BB261DB35AE44CBA0
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1cb108153dfd06ead48640a656594cb9f3533b75dc687dc3ee443fac501dedda
                                                        • Instruction ID: 14432303769ac07fd64c9b7e79607617287a2b79ffbc5913c0883656c01d5c12
                                                        • Opcode Fuzzy Hash: 1cb108153dfd06ead48640a656594cb9f3533b75dc687dc3ee443fac501dedda
                                                        • Instruction Fuzzy Hash: EE118171D00606CFEB14DBA5DA0ABEEFBF1BF44300F148469D405AF2A2DB758A05DB51
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 04bf20d0f05bb8619028c30d557b32877a3c761ec40887342fffd783596538fe
                                                        • Instruction ID: 948a66ee8c117488cd691f5c2064f6ba2c796a8baf9b5be356e28cc5534712a8
                                                        • Opcode Fuzzy Hash: 04bf20d0f05bb8619028c30d557b32877a3c761ec40887342fffd783596538fe
                                                        • Instruction Fuzzy Hash: 13118C75E102188FDB00CBA8D589BDDBBF6BF48310F640095D401BB3A1DB35AD40CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ccec4ee27fd5f6366050725337ee9ffe5d17c9b9aa616411757ae22f4549e597
                                                        • Instruction ID: fd2798352b0f293c0a28fabcc7776995a52a2f2ecfbdad88d48d2067671dcf4a
                                                        • Opcode Fuzzy Hash: ccec4ee27fd5f6366050725337ee9ffe5d17c9b9aa616411757ae22f4549e597
                                                        • Instruction Fuzzy Hash: AE01F1312092826FC7466B659CB05AF3FFAFFC6131398049BE805DB286CE250D0A83A5
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb07198b46c6faa4900a310c071420306a9a4c8620aff797de64ca7ac81236d3
                                                        • Instruction ID: d2547c2f800fd19803e71035eab11fa800b0a5163de663ffd4882d8b73900f36
                                                        • Opcode Fuzzy Hash: eb07198b46c6faa4900a310c071420306a9a4c8620aff797de64ca7ac81236d3
                                                        • Instruction Fuzzy Hash: 380126B33203049FC3019A29EC64A1ABFF9EFDA22171940ABE900C7352DA34DC05C760
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 78b6ee74b60c4e9e1c86a9419735071e5c2b3bc9ca4cefc93d2ec2da6eafee8b
                                                        • Instruction ID: 66f9ebcbf798e5dc401a58e6510f7aada291fdcb98322a097c8db921c80e0324
                                                        • Opcode Fuzzy Hash: 78b6ee74b60c4e9e1c86a9419735071e5c2b3bc9ca4cefc93d2ec2da6eafee8b
                                                        • Instruction Fuzzy Hash: 75110035A20344CBCB44EBB4E56A79EBBB6FB88311F44445AE40297790DF795809EB50
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1c3d9dbc9d93bfdd60ab6b815d4c89496b9c81e40e1e4c90a86c6afe4398e1ac
                                                        • Instruction ID: cbe838b69b3dc6a6a9176365e91dc56f884208b10cb834e720cd07e9b4d5681a
                                                        • Opcode Fuzzy Hash: 1c3d9dbc9d93bfdd60ab6b815d4c89496b9c81e40e1e4c90a86c6afe4398e1ac
                                                        • Instruction Fuzzy Hash: 460181773202108F8744AA69E4A881EFBF6FBC9671350857BEA05C7314CE319C058BA0
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: da6d728226aad915ac03899aebd4a31a573834c93e8447992c64637ad1791c05
                                                        • Instruction ID: 9e83fac861a937ccf591c9d975981c99cb6ecce84ba2b085c349da12ccbfde93
                                                        • Opcode Fuzzy Hash: da6d728226aad915ac03899aebd4a31a573834c93e8447992c64637ad1791c05
                                                        • Instruction Fuzzy Hash: C301B8712002018BC301EB28C85998B7BF6FF81624B1089A9E04ACF328EF70EC008BC0
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9b380c206159222a7fd1357902b5452fcf771441e4914627adf4d55b1a24e7d0
                                                        • Instruction ID: a66166e985dd4045e3bcac22a4c2826a973e58eacedf5e6e33a74d0735107164
                                                        • Opcode Fuzzy Hash: 9b380c206159222a7fd1357902b5452fcf771441e4914627adf4d55b1a24e7d0
                                                        • Instruction Fuzzy Hash: 5501ED34A20344CBDB44EBB4E56A79EBFB2FBC8311F044469E50297780EF795809EB51
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b1073c50ecbb9504679e67ad198d640811a4751a271109f9545e83c7dffc152f
                                                        • Instruction ID: b32c89d36247bb240930214a1edcc8d2095ac4700475e29ec4810f64c229a25b
                                                        • Opcode Fuzzy Hash: b1073c50ecbb9504679e67ad198d640811a4751a271109f9545e83c7dffc152f
                                                        • Instruction Fuzzy Hash: 91F042756106018BC711AB29D45984B7BF6FB856207108EAEE15ACF328EF71EC048BC0
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a1fd043c00e6515cc140ae5c3ebe30a44ef4fcfd8b086b2677dd615d43e6e121
                                                        • Instruction ID: 2ccc47a7855b126ad2b1dfd4ea3b89d4b4463ec45fc4f5e12335a30f2df1d85a
                                                        • Opcode Fuzzy Hash: a1fd043c00e6515cc140ae5c3ebe30a44ef4fcfd8b086b2677dd615d43e6e121
                                                        • Instruction Fuzzy Hash: BEF0EC3220011027D619E62DECA1BFF7B6BFFC1620F48152DF8419B644DE747D4596D4
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_12_2_1570000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f6a6241e42684e7f141039db3eb9535f38b5919b35c5705def944d5a1a6af2c
                                                        • Instruction ID: 4b6440216357d994365befc74f69b12403c0d7ce8fb1641299f22c0135f6c7b0
                                                        • Opcode Fuzzy Hash: 2f6a6241e42684e7f141039db3eb9535f38b5919b35c5705def944d5a1a6af2c
                                                        • Instruction Fuzzy Hash: 8AF09075900209EFCB40EBA4E9A669DBBF1FB94210F6045A9A809EB244DA305F05AB51
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.2889578731.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9bb0d82d7a585d6a93b7ab22e0e84ae2442cfe3efd384d56a2a7e4a8430faf5d
                                                        • Instruction ID: d2aaee3b60910b209b7107ac0f922f7c8c5ddda64fb0332b1076928ec5630b9b
                                                        • Opcode Fuzzy Hash: 9bb0d82d7a585d6a93b7ab22e0e84ae2442cfe3efd384d56a2a7e4a8430faf5d
                                                        • Instruction Fuzzy Hash: 223105316002048FC718EB79EA942ADBBF2FFC5300F14862ED409AB7A9EF745D058B91
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d71f2a6ce3414b725d08016f30b2af7f19ecb5155043b8fa587e069a264d32dc
                                                        • Instruction ID: b8dcaf1cd9a1b001a47e95570bae0e0b9b364a0f077f10d6b724d246acc00345
                                                        • Opcode Fuzzy Hash: d71f2a6ce3414b725d08016f30b2af7f19ecb5155043b8fa587e069a264d32dc
                                                        • Instruction Fuzzy Hash: 95315A70E102189FDB08EFA8E6945EDBFB2FF88300F105569E901AB298EF355881CF55
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 68306ab815a08a96841231e670be11a57ac3d896796d47bdcb6031a80ea09a83
                                                        • Instruction ID: 4a839e8a34aeed0ca18757f081d3cac37aae2eaf25316cdda433a820d9c90506
                                                        • Opcode Fuzzy Hash: 68306ab815a08a96841231e670be11a57ac3d896796d47bdcb6031a80ea09a83
                                                        • Instruction Fuzzy Hash: E541FA34A101149FDB48EFA5E6949ADBBB3BF88705F208069E806A7368DB349C41CB90
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 453ed719ff4d6a068b64358d7b1192760cc13be41ebbea1a8a8dca208ed5bf7d
                                                        • Instruction ID: 5f5bfd3b193721b29fc19fbff5d4859a84e219030fdca10a01b467467880adba
                                                        • Opcode Fuzzy Hash: 453ed719ff4d6a068b64358d7b1192760cc13be41ebbea1a8a8dca208ed5bf7d
                                                        • Instruction Fuzzy Hash: 5B414B74D102098FDB44EFA8DB956EEBBB1FF89314F10456AE501A7758DB305980CF91
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6ecdac78307881e458aba3d3ba3d66d53ee91efb1226be2f866d44c826ee93a2
                                                        • Instruction ID: fb5436bb25ae98aed3f6cf04ceebfc493fa2f4ef6dab5d543cef6fdbcb6a558d
                                                        • Opcode Fuzzy Hash: 6ecdac78307881e458aba3d3ba3d66d53ee91efb1226be2f866d44c826ee93a2
                                                        • Instruction Fuzzy Hash: 5E314A74910209CFDB44EFA8D7859EEBBB1FF89318F10456AE901A7758DB306980CF91
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a2805389775ab807cb3ce920399d0e3f10902872ce12e88ca75dfa1b65ef8171
                                                        • Instruction ID: 927e29e02e7eb0ca7cb1a8f6c9eb10fb68c18b847c6da3c09766a90efbe005e4
                                                        • Opcode Fuzzy Hash: a2805389775ab807cb3ce920399d0e3f10902872ce12e88ca75dfa1b65ef8171
                                                        • Instruction Fuzzy Hash: 51311C70A10218DFDB18EFA4E6945ADBFB2FFC8340F10556AE901AB258EF355881CF15
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4e9f56752082f2cf436ca7e862adb3d57cd1c01d03128306dfaad1b586bd278
                                                        • Instruction ID: 8d28b6d19c3d267efd904dabc25fc11b4a37b59d0e4efe0fce5aabc5a36c8a73
                                                        • Opcode Fuzzy Hash: a4e9f56752082f2cf436ca7e862adb3d57cd1c01d03128306dfaad1b586bd278
                                                        • Instruction Fuzzy Hash: 3C21F1312102065FC709EB78E9D0AAE7BA6FB80214B049E2DE4464F654DF70AD898BD9
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 371e965b91120c261829eec5591c51ee9bbf6f62d91c1b95f58a7f66288088a1
                                                        • Instruction ID: c2e28e7f772fe8cc4af5a5a252700a0f3ed99b1bfb53017bc23d67c3c7175b19
                                                        • Opcode Fuzzy Hash: 371e965b91120c261829eec5591c51ee9bbf6f62d91c1b95f58a7f66288088a1
                                                        • Instruction Fuzzy Hash: 0B21D2312102025BC709EB79E9D0A6EBBA6FFC0214B409E2CF4058F654DF70BD899BD9
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bf12d5aeb1be15d2156f7c3e4f201e553ead39b4ec52c300ede07b452ae29fdb
                                                        • Instruction ID: 7cb1cdc1a80aa934f29a3070df9144da3783e2fc6cea119de43e1ea153764e26
                                                        • Opcode Fuzzy Hash: bf12d5aeb1be15d2156f7c3e4f201e553ead39b4ec52c300ede07b452ae29fdb
                                                        • Instruction Fuzzy Hash: 8C21AF70A043888FDB46CBA8C598BDC7FF2AF49310F1500A6D401FB2A2DB755D45CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 19bc1191f16f7071ef14cd18c206561b26ac2386bfa0a28baed68660b0b027b8
                                                        • Instruction ID: cd048e2e5d76e3eeaa1b5b9c5df98779b5faabe135c31ff6fb1f166a52dd7838
                                                        • Opcode Fuzzy Hash: 19bc1191f16f7071ef14cd18c206561b26ac2386bfa0a28baed68660b0b027b8
                                                        • Instruction Fuzzy Hash: CF212C74E102189FDB18EFA9DA909ADBBB2FF88340F10912AD915AB258EF305841CF51
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 46eac0b228df32eb429542af3af992147d2914fa0855db0a80fc2c80e81d2542
                                                        • Instruction ID: 29f7feb412f8bb35ef03b038104bd0611e59f679856bb8c83c8799841880510c
                                                        • Opcode Fuzzy Hash: 46eac0b228df32eb429542af3af992147d2914fa0855db0a80fc2c80e81d2542
                                                        • Instruction Fuzzy Hash: 84216A75A002188FDF54CBA9C588BDDBBF2AF8C710F2000A5E506BB365CB75AD44CBA0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1febfeb64414dd6e935c01625feed65caa705baacffaf9d4f0bab47a263a0273
                                                        • Instruction ID: 92dc184a85f64fd363f03a95416ba52d9aa20aece98e1fa7ed8e93254900f654
                                                        • Opcode Fuzzy Hash: 1febfeb64414dd6e935c01625feed65caa705baacffaf9d4f0bab47a263a0273
                                                        • Instruction Fuzzy Hash: AD118171900209EFDB18DBA5CA087EEBBF1EF85304F118069D405A726AEB769B05DB61
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0ff5cd3e25cd0381dbef8e72981223ff5739e2c8912a3160b101d35284102668
                                                        • Instruction ID: aa7685c075ec99ab349f2f9174ca0a367b8f4246fb046ac298a52fcef3fcf7e8
                                                        • Opcode Fuzzy Hash: 0ff5cd3e25cd0381dbef8e72981223ff5739e2c8912a3160b101d35284102668
                                                        • Instruction Fuzzy Hash: A521D574A11218DFDB18EFA8EA8099CBBB2FF88304F20416AE905AB765DF305D41CF51
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cafcc6280a9f1e7108d3b898c227478c4c1d9285066f1c8a10a85b56a190d3b0
                                                        • Instruction ID: cceda4e6395ec1f6554d561d32d1aae303d472667bfbbf3e4a158bcaf001aa65
                                                        • Opcode Fuzzy Hash: cafcc6280a9f1e7108d3b898c227478c4c1d9285066f1c8a10a85b56a190d3b0
                                                        • Instruction Fuzzy Hash: 9C0128313082812FC30677756C705AE3F7AEF8652075844DAE445DB282CE250D0687AA
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e88422cc6881ca6ae4859e9c67c0067ad1c8a8e789f682a9f6d62072fe3b3684
                                                        • Instruction ID: 7dcdf57ae3c4cbe43092cdd88c2797cb48852536605e548ecc62c946903518c9
                                                        • Opcode Fuzzy Hash: e88422cc6881ca6ae4859e9c67c0067ad1c8a8e789f682a9f6d62072fe3b3684
                                                        • Instruction Fuzzy Hash: AD01DFB63243508FC346AF74E9644597FB6EF8B25132A84EFE440C7392DA348C05CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fa59ecc836c7cb3ef1fe60a34a0f724987c186f323ee98868e09f84c958f16fa
                                                        • Instruction ID: 7a09873e76ea231ff6346f531f66f0bb21f1d25c4f059874daacac3c121a6ef5
                                                        • Opcode Fuzzy Hash: fa59ecc836c7cb3ef1fe60a34a0f724987c186f323ee98868e09f84c958f16fa
                                                        • Instruction Fuzzy Hash: 6B118439A202449FEB48EFB4F66979D7FB2ABC8305F0484A9E402A37C4DF395844CB54
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8342e05074a34a9d6cc1b96649175c7bdefb28c267816fbd7a2fc7ee65bb9173
                                                        • Instruction ID: b11c1682bba2acf8e255187a789702674cd0aed7dfa6e72958cade0e319c1f21
                                                        • Opcode Fuzzy Hash: 8342e05074a34a9d6cc1b96649175c7bdefb28c267816fbd7a2fc7ee65bb9173
                                                        • Instruction Fuzzy Hash: 2001A4763102208F8704AB79F59881DBBA6FBC9A6532085BEFA06C7344DF35DC018BA4
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79b59d1ab025f7688692baec0ed225436f924d659f22323d5e19aced2fc94f33
                                                        • Instruction ID: c93b6079f1648416b00765107547440e7f3f6e0b7d24d531e7d5753518e57298
                                                        • Opcode Fuzzy Hash: 79b59d1ab025f7688692baec0ed225436f924d659f22323d5e19aced2fc94f33
                                                        • Instruction Fuzzy Hash: AF0156756102008FC311EB38D55599A7BF5BB89A20714DAA9E18ADB768EF71E8048B80
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 219a06c6e888aa0bc1d79d25d77c14bcd0a9951e5103ee9bc6735c872c9f7fbe
                                                        • Instruction ID: b9fb4391d73de3d42c1c6359bd897510c08776d0ab7f35b7527995a2698c1908
                                                        • Opcode Fuzzy Hash: 219a06c6e888aa0bc1d79d25d77c14bcd0a9951e5103ee9bc6735c872c9f7fbe
                                                        • Instruction Fuzzy Hash: CE014038A202049BEB48EBB4F65979D7FB2ABC8305F008469E40297784DF355844CB54
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 909a14d8492f1e8a90a2bf05dda29cd058d822dbb1fa39a2e4134e92a9867cca
                                                        • Instruction ID: d8baece8d3331b124c64ca00bec1849b70493d2f7dd79af78674283b849908c0
                                                        • Opcode Fuzzy Hash: 909a14d8492f1e8a90a2bf05dda29cd058d822dbb1fa39a2e4134e92a9867cca
                                                        • Instruction Fuzzy Hash: 21F046756106008BC714EB28C54588B7BF6FB85A10310DA6AE14ADF728EF71EC048FC0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b43e3c2c8ca2beb9956b48dd512102bd7b42d1c24d37cda9db135b718b24dfcc
                                                        • Instruction ID: 28f452f4b73af67784d09fd7ff9723f9194f64fed0d76e7f14f7d5d593c2ecd6
                                                        • Opcode Fuzzy Hash: b43e3c2c8ca2beb9956b48dd512102bd7b42d1c24d37cda9db135b718b24dfcc
                                                        • Instruction Fuzzy Hash: 7AF09070D10209AFCB44EBA4EA8169DBBB1FB54200F6092A9A808F7240DB305E459B59
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_13_2_1130000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d1bd0cdaf97e361f946d70471c108183510a0a3f895b9e717ef6852277f1c599
                                                        • Instruction ID: a105365fd127e973609cc2cc3d6cfd199e982ac8627ef4bd1230ab41f2b53051
                                                        • Opcode Fuzzy Hash: d1bd0cdaf97e361f946d70471c108183510a0a3f895b9e717ef6852277f1c599
                                                        • Instruction Fuzzy Hash: 04F027322002001BE2096739A9A06AE3F57EBC1A20F48153CE8814B644CE206C8647D5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.2889431779.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        • Instruction Fuzzy Hash: C3513E70A0021CDFDB55DF69D984AADBBB2BF88311F158065E805E72A4DB749E41CFA0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bca9e9be4027dc491b6f7af307f85f15812b3819e2fd846f0c6d940dec0533de
                                                        • Instruction ID: c3708438e47597f069522e83aa8de64cbc41149d715bcdb9e924ba3ef260075e
                                                        • Opcode Fuzzy Hash: bca9e9be4027dc491b6f7af307f85f15812b3819e2fd846f0c6d940dec0533de
                                                        • Instruction Fuzzy Hash: 9C413874E10208CFDB05EFA9E89899DBBB6FF88300F109529E901AB290DF745981DF50
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79ef8224827fd2e2d0462ba970fc118fd99b29a5ac683a3ef8f30294ddd705df
                                                        • Instruction ID: e24674a979049008725fa25ae31b0b4be0ddec42e6c3a80f2ccaba923d0a1930
                                                        • Opcode Fuzzy Hash: 79ef8224827fd2e2d0462ba970fc118fd99b29a5ac683a3ef8f30294ddd705df
                                                        • Instruction Fuzzy Hash: 8E414875A0060A8FCB45DF6CC998A6ABBF5FF89300B5141A9E509DB362DB30ED01CB60
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 53a7ecb1588ef31b70ea99989b7b1a229f6e77a8ecb088b76335e4093a935f41
                                                        • Instruction ID: 78e61bc9f717c918b0d4af893bd18b925833b8856bc3da9f064b1fcf980d6139
                                                        • Opcode Fuzzy Hash: 53a7ecb1588ef31b70ea99989b7b1a229f6e77a8ecb088b76335e4093a935f41
                                                        • Instruction Fuzzy Hash: C4413974A00309CFCB05DFACE8986AEBBB6FB88314F104565E905E7290DB759E85CB91
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 06f22058a70503d9d11d2be3c07c38d947d57fbb2462a484f6feebdfdd9aee43
                                                        • Instruction ID: 66d11629ff73f29988f068902572ec478fd03f8499d2b5bd70aa0e947c8eb925
                                                        • Opcode Fuzzy Hash: 06f22058a70503d9d11d2be3c07c38d947d57fbb2462a484f6feebdfdd9aee43
                                                        • Instruction Fuzzy Hash: 86316D70E102089FDB05DFA9D8989DDBFB6FF88300F108529D901AB290EF745985DB54
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f12cbb860439005cf7b08e5fe011ed912cbd0601d49d4981492a74630c0b6d75
                                                        • Instruction ID: bf7bd10fc4e001bcb5de7b3be1e8a0c2b645bfb512fdeb7a54e455ee32f48861
                                                        • Opcode Fuzzy Hash: f12cbb860439005cf7b08e5fe011ed912cbd0601d49d4981492a74630c0b6d75
                                                        • Instruction Fuzzy Hash: 6C41DA74B00219DFDB45DF69E9989ADBBB2FF88311B108065E905E73A4DB349D41CF50
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75aa0fac7b651aaeb276fff353e995a349559130f0178bf175581344ba451a54
                                                        • Instruction ID: 749d9be721c38d4d6fef5d7ef9c88bcc62caae073e10e3a5dc0a730c93b76ee3
                                                        • Opcode Fuzzy Hash: 75aa0fac7b651aaeb276fff353e995a349559130f0178bf175581344ba451a54
                                                        • Instruction Fuzzy Hash: 772101302447021FC70AEBB8EC90A5E7BA6FFC1210B848D29E4058F6A1DE70AD499798
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b41326e4b172f440bb4f90b0078ba46ec71982795d48dbb80544e4aa3677360a
                                                        • Instruction ID: c59d9bee2215b38cbc4e939e133b25f9b81d6f50814b9ca6366f4b41fc6971cd
                                                        • Opcode Fuzzy Hash: b41326e4b172f440bb4f90b0078ba46ec71982795d48dbb80544e4aa3677360a
                                                        • Instruction Fuzzy Hash: A53108B4A00309CFCB04DFA8E9985AE7BB6FF88310F104529E905A7350DB345D85CF91
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d73575254cce3991c12ae3c76eec02dede824ee31b3224d08e3f461a416ff836
                                                        • Instruction ID: 2ee43d0598c91e8c990c5aae6af0af5230e55ab5b7da18977a541cb272f85081
                                                        • Opcode Fuzzy Hash: d73575254cce3991c12ae3c76eec02dede824ee31b3224d08e3f461a416ff836
                                                        • Instruction Fuzzy Hash: BD217C71A042588FDF52CBA9C998BDD7FF1AF49310F1901A9D401EB2A2CB35AE45CF60
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cff1a6c3b21c8cbf3a6abdf98545c5a2e9c00936e9f3f524896995de7925fb3a
                                                        • Instruction ID: 3ba4d1608f79e154055d6af101767054c5791c72c4d61de32b5fe6b2633e0aaf
                                                        • Opcode Fuzzy Hash: cff1a6c3b21c8cbf3a6abdf98545c5a2e9c00936e9f3f524896995de7925fb3a
                                                        • Instruction Fuzzy Hash: 472163702403025BC759EB7DE8C0A6E77AAFBC4214B449E28E4058F664DF70AD899BD5
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c763bf2493130ace414af5662b3cc2e2e9b39fa289c3baaaf92dd58beb8d4c98
                                                        • Instruction ID: b3cdff7c5a1323e04385119ab1bdd16454ca1a2b2cc6d8dfa948bdec8a32b6cf
                                                        • Opcode Fuzzy Hash: c763bf2493130ace414af5662b3cc2e2e9b39fa289c3baaaf92dd58beb8d4c98
                                                        • Instruction Fuzzy Hash: 26114C323442056FC78AA779AC9057F7BABFBC5620788482DE605DF394CE312D4557E8
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 037fad58c35c6bcd4d48b46840b125b9e1dc19227bef97013dc52d9d45b981ac
                                                        • Instruction ID: 322f93d054eb3e5cd68d5883c79d58a8c56c5489f913346041870fdd94e573fc
                                                        • Opcode Fuzzy Hash: 037fad58c35c6bcd4d48b46840b125b9e1dc19227bef97013dc52d9d45b981ac
                                                        • Instruction Fuzzy Hash: ED211875A002188FDF55CB99C994ADDBBF1AF48310F2011A5D505FB2A1DB75AE44CBA0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a8b800b9b7e2116831200fe79125d6c6f09ef6a01215ff0ef9793d7dcf5dfafc
                                                        • Instruction ID: f82057ecb1c0150094a1fa10f1cd6a5671517e69645e2062bc8efcc42b605541
                                                        • Opcode Fuzzy Hash: a8b800b9b7e2116831200fe79125d6c6f09ef6a01215ff0ef9793d7dcf5dfafc
                                                        • Instruction Fuzzy Hash: EC21907290020ACFDB51DFA4CE49BEDBBF1AF45304F208069C005EB2A2EB759B15CB52
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0606dc88ee83eb496112b133c98e014a6cdc643eec014a32a26cf76e796f3ed1
                                                        • Instruction ID: 71077b7b56aeb26650b09b1097b4eb38bf248ee2b965aedbec7b3d7c61f0581b
                                                        • Opcode Fuzzy Hash: 0606dc88ee83eb496112b133c98e014a6cdc643eec014a32a26cf76e796f3ed1
                                                        • Instruction Fuzzy Hash: 26014C2574C3412FC38A67795C6056F2FBAFBD6120794046AE506DB381CE240D0683A9
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6347b9917a8c3dd395c45f3e2ff847e412fe63e090aaec13f8c0317482aefeb1
                                                        • Instruction ID: 23b28de42f6e4553eae14240f71662334cfb2a27c8457e5f50dd489b36e3c1f3
                                                        • Opcode Fuzzy Hash: 6347b9917a8c3dd395c45f3e2ff847e412fe63e090aaec13f8c0317482aefeb1
                                                        • Instruction Fuzzy Hash: 1711E0356043068FC362EB28C84849A7BF6FF41224314896AD145CF3A6EB71D8088B91
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 268ad2a37a6c173c3b1c88f6dd11b9a586d8f5733691fabe5df6cac662b89b40
                                                        • Instruction ID: bcd44f249642a2086f8f15de1d65549ee94fd6b3d161408d4a00a9328e8c301a
                                                        • Opcode Fuzzy Hash: 268ad2a37a6c173c3b1c88f6dd11b9a586d8f5733691fabe5df6cac662b89b40
                                                        • Instruction Fuzzy Hash: 6511D034A243488FCB46DBBCE82D69D7FB6AB89311F048469ED01DB2C0DF395909DB46
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 83633c18499e4c10a61c49b9ae9d399dec691e93515d6b435473c29432c37571
                                                        • Instruction ID: 2b75a5d9f360938030b96a4eb2e7c405e78857f3db20a6a88880435999a1e901
                                                        • Opcode Fuzzy Hash: 83633c18499e4c10a61c49b9ae9d399dec691e93515d6b435473c29432c37571
                                                        • Instruction Fuzzy Hash: D001D2363143508FC7538B29E8949197BB9EF8B22031980AAE445CB352CA349C01CBB1
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5b6a3244a00dab5ab8891477640a5998ce3caa3ff96cd132e5636f9a80afa87
                                                        • Instruction ID: aaf600969cc49d324bdaf34b8f58f956cfffa284d0f7d3b3452c862f46ec37ad
                                                        • Opcode Fuzzy Hash: e5b6a3244a00dab5ab8891477640a5998ce3caa3ff96cd132e5636f9a80afa87
                                                        • Instruction Fuzzy Hash: 4101A4763502208F8755AA6DF49881EBBAAFBD9665350857EEA06C7310CE31DC019BA4
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1870243e9ec7edc9dfe2238d865333e1db4bf39d56aca8439a06e1366f557b7
                                                        • Instruction ID: 0c8565602d2a08d36cec29200f4af4352f502d5274973e5b9db3386c593eabe2
                                                        • Opcode Fuzzy Hash: f1870243e9ec7edc9dfe2238d865333e1db4bf39d56aca8439a06e1366f557b7
                                                        • Instruction Fuzzy Hash: 4001E934A20348CFDB45DBBCE86D69E7FB6AB88301F008468E902A7380DF795D45EB55
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7871ded1e122d7056dc7dc8892c6c4de04b8ee37f751cc265b5d10067f41082b
                                                        • Instruction ID: 3cb9d29696557de5f802e9991f349a51d6e9fcc2ebf5255a462c05fc12d730ed
                                                        • Opcode Fuzzy Hash: 7871ded1e122d7056dc7dc8892c6c4de04b8ee37f751cc265b5d10067f41082b
                                                        • Instruction Fuzzy Hash: 34F042756006058FC751EB29C84885BBBF6FB856143518A69E14ACF368EFB1EC088BD0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 418bbe4d53134b6832dcc59b7686826ae20a6239bc2849e378c84f305b067f34
                                                        • Instruction ID: c0ca33b77efc07718f62289eed87be4c8bf69c2bbb19b6b79f9f9b294bef4834
                                                        • Opcode Fuzzy Hash: 418bbe4d53134b6832dcc59b7686826ae20a6239bc2849e378c84f305b067f34
                                                        • Instruction Fuzzy Hash: C1F0F630944346AFCB51EBBCD98046D7FB1FFA6200B5446D9D854AF292CA312E05EB55
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dda4acdb48f255ee684afd91fb1f19a37916f2d5c5739808afe836fee6856f15
                                                        • Instruction ID: 3be6a12ab14c26279b09c88a416188ef30dd12960bb198115eb5466f231e2926
                                                        • Opcode Fuzzy Hash: dda4acdb48f255ee684afd91fb1f19a37916f2d5c5739808afe836fee6856f15
                                                        • Instruction Fuzzy Hash: 01E065357043448FC746977898584A9BFA6DF9662230A44FAE106C7362D9728C05D791
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac1128de3296e17120d79655ca959f2e3316471806d961e2015d430a8e895c74
                                                        • Instruction ID: d6d5b55688d13ed0966461c98a6991dfcc5d2f12df6b0a15d7fcc15b39e04884
                                                        • Opcode Fuzzy Hash: ac1128de3296e17120d79655ca959f2e3316471806d961e2015d430a8e895c74
                                                        • Instruction Fuzzy Hash: 34F08270A40209EFCB80EFA8E98456D7BF5FB94200F5041A89808E7250DA301F48AB45
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.2886774427.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1800000_Snetchball.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2884294071.00000000029B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_16_2_29b0000_Snetchball.jbxd
                                                        • Opcode Fuzzy Hash: 867f5ad8cc1f0f22adde5debcacad4a9bb0c8e00e4f52f5acafef0fb19f83ddb
                                                        • Instruction Fuzzy Hash: AFF0F6749082C59FCB05EBB8E95149D7FB2DF47210B1485D9D444AF2D2C9315D02EB53
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2884294071.00000000029B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_16_2_29b0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dfcf40548efec8983b900217d67cfde583b6088ddfa897e8cb9c6ed8a58766e1
                                                        • Instruction ID: 3a5da28b6f649a5792204951e4630a7592e0b38b64df931970aff887f5ac6e44
                                                        • Opcode Fuzzy Hash: dfcf40548efec8983b900217d67cfde583b6088ddfa897e8cb9c6ed8a58766e1
                                                        • Instruction Fuzzy Hash: 06F01274E00208EFCB44EFB8E59559D7BF6DF48200F5055A99508EB384DA305E45AB52
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2884294071.00000000029B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_16_2_29b0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 86ed4eeb7f11915589e5bce19ec2027e13fbb8434f9add2855cdf2a9839edee6
                                                        • Instruction ID: 23f11a1f5fcaf5088c4ceed23088ec90031778980d2ec908ee40506203e18a92
                                                        • Opcode Fuzzy Hash: 86ed4eeb7f11915589e5bce19ec2027e13fbb8434f9add2855cdf2a9839edee6
                                                        • Instruction Fuzzy Hash: F3D012357102144FCB14677DD41885E7BEAEFC96223010476F506C7361DD75DC0187A0
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2884294071.00000000029B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_16_2_29b0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be068bffdcdfb20397db1cfc60e51b51b225fd14dafdfcc595737c818de8612e
                                                        • Instruction ID: 0bd9727617d651cf889e0bcbcb6ce9984b092c443731a9e25713d5c59afb79ab
                                                        • Opcode Fuzzy Hash: be068bffdcdfb20397db1cfc60e51b51b225fd14dafdfcc595737c818de8612e
                                                        • Instruction Fuzzy Hash: EED05EA41082C44FDB0987748AAA425BF31EF4135070944FAD4968B5A7CA198846CB12
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2884294071.00000000029B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_16_2_29b0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 82678f31108ccfc9247ae389a6a1d6f0a6cd114e13826a0a6f6865ab973da985
                                                        • Instruction ID: 9615c5fccba3d8b49740618db8c2f339b839c3fcabb7bceb932f09e1ab1a436a
                                                        • Opcode Fuzzy Hash: 82678f31108ccfc9247ae389a6a1d6f0a6cd114e13826a0a6f6865ab973da985
                                                        • Instruction Fuzzy Hash: C0C08C267090E00B960937BCB0280ECAFAA8BC60A238C05FBFA41E7386CC014D029783
                                                        Memory Dump Source
                                                        • Source File: 00000010.00000002.2884294071.00000000029B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_16_2_29b0000_Snetchball.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9fc045768823fc172d85d4a82b6c6be402b2bae2a2e443694d5f717b6b5b6240
                                                        • Instruction ID: 3bf488f90371669c4d998dd08dee9f09480e611441c3a39a97c86ede1130f8af
                                                        • Opcode Fuzzy Hash: 9fc045768823fc172d85d4a82b6c6be402b2bae2a2e443694d5f717b6b5b6240
                                                        • Instruction Fuzzy Hash: C2C012747402048FC608EB6CE08682933EAFB8C71471054A8E909CB7BACE20EC828A58