Windows Analysis Report
oIDX88LpSs.exe

Overview

General Information

Sample name: oIDX88LpSs.exe
renamed because original name is a hash value
Original sample name: 1648da0c5f6a9b0f99339a225ed9e11e8910f198e44726b920d1872ca1b3972b.exe
Analysis ID: 1537991
MD5: 14461f84b8fca58f2a3a6fdc884582fb
SHA1: d948c2cd7f8bf46526ab689a6a590fdb0bdf56fc
SHA256: 1648da0c5f6a9b0f99339a225ed9e11e8910f198e44726b920d1872ca1b3972b
Tags: exe, user-Chainskilabs
Infos:

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Uses ipconfig to lookup or modify the Windows network settings
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • oIDX88LpSs.exe (PID: 6220 cmdline: "C:\Users\user\Desktop\oIDX88LpSs.exe" MD5: 14461F84B8FCA58F2A3A6FDC884582FB)
    • MyNigga!.exe (PID: 4800 cmdline: "C:\Users\user\AppData\Roaming\MyNigga!.exe" MD5: 2B3B90E6EED13A7E4E2F8285F0022F94)
      • schtasks.exe (PID: 3640 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • conhost.exe (PID: 6764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • SIHClient.exe (PID: 3640 cmdline: C:\Windows\System32\sihclient.exe /cv 7NrvztKWqECbt1RuJH7L+Q.0.2 MD5: 8BE47315BF30475EEECE8E39599E9273)
    • BootstrapperV1.22.exe (PID: 7084 cmdline: "C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe" MD5: 2A4DCF20B82896BE94EB538260C5FB93)
      • conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1112 cmdline: "cmd" /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • ipconfig.exe (PID: 5160 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
      • WerFault.exe (PID: 5336 cmdline: C:\Windows\system32\WerFault.exe -u -p 7084 -s 2188 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • OpenWith.exe (PID: 3064 cmdline: C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2" MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 6416 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 3796 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 4188 cmdline: C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2" MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 5820 cmdline: C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2" MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 6620 cmdline: C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2" MD5: E4A834784FA08C17D47A1E72429C5109)
  • OpenWith.exe (PID: 5252 cmdline: C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2" MD5: E4A834784FA08C17D47A1E72429C5109)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
\Device\ConDrv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
C:\Users\user\AppData\Roaming\FluxusV1.2 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
C:\Users\user\AppData\Roaming\FluxusV1.2 | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x10603:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x106a0:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x107b5:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xf42a:$cnc4: POST / HTTP/1.1
C:\Users\user\AppData\Roaming\MyNigga!.exe | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
C:\Users\user\AppData\Roaming\MyNigga!.exe | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x10603:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x106a0:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x107b5:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xf42a:$cnc4: POST / HTTP/1.1

Source | Rule | Description | Author | Strings
00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x10403:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x104a0:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x105b5:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xf22a:$cnc4: POST / HTTP/1.1
00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x3166b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x442ab:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x31708:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x44348:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x3181d:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x4445d:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x30492:$cnc4: POST / HTTP/1.1
  • 0x430d2:$cnc4: POST / HTTP/1.1
Process Memory Space: oIDX88LpSs.exe PID: 6220 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

Source | Rule | Description | Author | Strings
0.2.oIDX88LpSs.exe.2b54ca8.2.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
0.2.oIDX88LpSs.exe.2b54ca8.2.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0xe803:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0xe8a0:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0xe9b5:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xd62a:$cnc4: POST / HTTP/1.1
2.0.MyNigga!.exe.9b0000.0.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
2.0.MyNigga!.exe.9b0000.0.unpack | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
  • 0x10603:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x106a0:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x107b5:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0xf42a:$cnc4: POST / HTTP/1.1
0.2.oIDX88LpSs.exe.2b42068.1.unpack | JoeSecurity_XWorm | Yara detected XWorm | Joe Security

                    System Summary

                    Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\FluxusV1.2, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\MyNigga!.exe, ProcessId: 4800, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FluxusV1
                    Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\MyNigga!.exe, ProcessId: 4800, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FluxusV1.lnk
                    Source: Process started; Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\MyNigga!.exe" , ParentImage: C:\Users\user\AppData\Roaming\MyNigga!.exe, ParentProcessId: 4800, ParentProcessName: MyNigga!.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2", ProcessId: 3640, ProcessName: schtasks.exe
                    Source: Process started; Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': Data: Command: "cmd" /c ipconfig /all, CommandLine: "cmd" /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe" , ParentImage: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe, ParentProcessId: 7084, ParentProcessName: BootstrapperV1.22.exe, ProcessCommandLine: "cmd" /c ipconfig /all, ProcessId: 1112, ProcessName: cmd.exe

                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-10-20T01:27:02.576210+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49713 | 172.67.203.125 | 443 | TCP
                    2024-10-20T01:27:30.897030+0200 | 2855924 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49744 | 185.141.35.22 | 3631 | TCP

                    AV Detection

                    Source: oIDX88LpSs.exe; Avira: detected
                    Source: C:\Users\user\AppData\Roaming\FluxusV1.2; Avira: detection malicious, Label: TR/Spy.Gen
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe; Avira: detection malicious, Label: TR/Spy.Gen
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe; ReversingLabs: Detection: 63%
                    Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\AppData\Roaming\FluxusV1.2; Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe; Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe; Joe Sandbox ML: detected
                    Source: oIDX88LpSs.exe; Joe Sandbox ML: detected
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: d8zyctl.localto.net
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: 3631
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: <123456789>
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: <Xwormmm>
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: XWorm V5.6
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: USB.exe
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: %AppData%
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack; String decryptor: FluxusV1.2
                    Source: oIDX88LpSs.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown; HTTPS traffic detected: 172.67.203.125:443 -> 192.168.2.6:49710 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 172.67.203.125:443 -> 192.168.2.6:49713 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 128.116.123.4:443 -> 192.168.2.6:49715 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.6:49719 version: TLS 1.2
                    Source: oIDX88LpSs.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    Source: Network traffic; Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:49744 -> 185.141.35.22:3631
                    Source: Network traffic; Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:49744 -> 185.141.35.22:3631
                    Source: global traffic; TCP traffic: 192.168.2.6:49714 -> 185.141.35.22:3631
                    Source: global traffic; TCP traffic: 192.168.2.6:64165 -> 162.159.36.2:53
                    Source: global traffic; HTTP traffic detected: GET /asset/discord.json HTTP/1.1, Host: getsolara.dev, Connection: Keep-Alive
                    Source: global traffic; HTTP traffic detected: GET /api/endpoint.json HTTP/1.1, Host: getsolara.dev
                    Source: global traffic; HTTP traffic detected: GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1, Host: clientsettings.roblox.com, Connection: Keep-Alive
                    Source: global traffic; HTTP traffic detected: GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1, Host: www.nodejs.org, Connection: Keep-Alive
                    Source: Joe Sandbox View; IP Address: 172.67.203.125
                    Source: Joe Sandbox View; IP Address: 128.116.123.4
                    Source: Joe Sandbox View; IP Address: 104.20.23.46
                    Source: Joe Sandbox View; ASN Name: AS43260TR
                    Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49713 -> 172.67.203.125:443
                    Source: unknown; TCP traffic detected without corresponding DNS query: 162.159.36.2
                    Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic; DNS traffic detected: DNS query: getsolara.dev
                    Source: global traffic; DNS traffic detected: DNS query: d8zyctl.localto.net
                    Source: global traffic; DNS traffic detected: DNS query: clientsettings.roblox.com
                    Source: global traffic; DNS traffic detected: DNS query: www.nodejs.org
                    Source: global traffic; DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
                    Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknown HTTPS traffic detected: 172.67.203.125:443 -> 192.168.2.6:49710 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 172.67.203.125:443 -> 192.168.2.6:49713 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 128.116.123.4:443 -> 192.168.2.6:49715 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.6:49719 version: TLS 1.2

                    Operating System Destruction

                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process information set: 01 00 00 00

                    System Summary

                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 2.0.MyNigga!.exe.9b0000.0.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\FluxusV1.2, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe, type: DROPPED Matched rule: Detects AsyncRAT Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process Stats: CPU usage > 49%
                    Source: C:\Windows\System32\SIHClient.exe File created: C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\TMP69BD.tmp
                    Source: C:\Windows\System32\SIHClient.exe File created: C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\TMPA192.tmp
                    Source: C:\Windows\System32\SIHClient.exe File created: C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\TMP1BA5.tmp
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Code function: 2_2_00007FFD346F9092
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Code function: 2_2_00007FFD346F186D
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Code function: 2_2_00007FFD346F7ED6
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Code function: 2_2_00007FFD346F2059
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346E6DB8
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346E6DB0
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346EE898
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346F2AB0
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346F25D3
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346F95A9
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346E4928
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Code function: 3_2_00007FFD346FAC11
                    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe EBBCB489171ABFCFCE56554DBAEACD22A15838391CBC7C756DB02995129DEF5A
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7084 -s 2188
                    Source: oIDX88LpSs.exe, 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMyNigga!.exe4 vs oIDX88LpSs.exe
                    Source: oIDX88LpSs.exe Binary or memory string: OriginalFilenameOutput.exe4 vs oIDX88LpSs.exe
                    Source: oIDX88LpSs.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 2.0.MyNigga!.exe.9b0000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: C:\Users\user\AppData\Roaming\FluxusV1.2, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe, type: DROPPED Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: oIDX88LpSs.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: oIDX88LpSs.exe, 6erNU9GoRtGQsFcnnrGTGgBTl1yaTwHR6rinJwi9plL4REYW5dMRtyPsdevOJ0m8ncPWxIZGM.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: MyNigga!.exe.0.dr, 3iX4amOaDratG5dw5gJMaxGLRs3vX58VbCjmcVHxTF0CdB37hd664S3xNqW.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: MyNigga!.exe.0.dr, HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, 3iX4amOaDratG5dw5gJMaxGLRs3vX58VbCjmcVHxTF0CdB37hd664S3xNqW.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, 3iX4amOaDratG5dw5gJMaxGLRs3vX58VbCjmcVHxTF0CdB37hd664S3xNqW.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: FluxusV1.2.2.dr, 3iX4amOaDratG5dw5gJMaxGLRs3vX58VbCjmcVHxTF0CdB37hd664S3xNqW.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: FluxusV1.2.2.dr, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: FluxusV1.2.2.dr, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: MyNigga!.exe.0.dr, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: MyNigga!.exe.0.dr, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, nHofwfuZBubj5cDBdBG9TsTr2q.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engine Classification label: mal100.troj.evad.winEXE@23/19@6/5
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe File created: C:\Users\user\AppData\Roaming\MyNigga!.exe
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_03
                    Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7084
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Mutant created: NULL
                    Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6416:120:WilError_03
                    Source: C:\Windows\System32\SIHClient.exe Mutant created: {376155FF-95A0-46CA-8F57-ACB09EA70153}
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Mutant created: \Sessions\1\BaseNamedObjects\pAAWfDfK5sHwddPw
                    Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3796:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_03
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Mutant created: \Sessions\1\BaseNamedObjects\8FQwHxphgRGaYrfc5
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe File created: C:\Users\user\AppData\Local\Temp\Log.tmp
                    Source: oIDX88LpSs.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: oIDX88LpSs.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: C:\Windows\System32\SIHClient.exe File read: C:\Windows\System32\drivers\etc\hosts
                    Source: unknown Process created: C:\Users\user\Desktop\oIDX88LpSs.exe "C:\Users\user\Desktop\oIDX88LpSs.exe"
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Process created: C:\Users\user\AppData\Roaming\MyNigga!.exe "C:\Users\user\AppData\Roaming\MyNigga!.exe"
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Process created: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe "C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe"
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: C:\Windows\System32\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7084 -s 2188
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process created: C:\Windows\System32\SIHClient.exe C:\Windows\System32\sihclient.exe /cv 7NrvztKWqECbt1RuJH7L+Q.0.2
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: slc.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: sppc.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Section loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: avicap32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: msvfw32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\ipconfig.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\System32\ipconfig.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\ipconfig.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
                    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                    Source: FluxusV1.lnk.2.drLNK file: ..\..\..\..\..\FluxusV1.2
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                    Source: oIDX88LpSs.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: oIDX88LpSs.exeStatic file information: File size 1073664 > 1048576
                    Source: oIDX88LpSs.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: System.Runtime.Serialization.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Data.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Xml.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.ni.pdbRSDS source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: .22.PDB source: BootstrapperV1.22.exe, 00000003.00000002.2254195072.000001BF53F2A000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54334000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: System.Windows.Forms.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Drawing.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Configuration.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Data.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Data.ni.pdbRSDSC source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Configuration.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Drawing.ni.pdbRSDS source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Xml.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.pdb source: BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54334000.00000004.00000800.00020000.00000000.sdmp, WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Xml.ni.pdbRSDS# source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Core.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Data.pdbH source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Numerics.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Windows.Forms.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Xml.pdbH source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: mscorlib.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Drawing.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: mscorlib.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Core.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Runtime.Serialization.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Numerics.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.ni.pdb source: WERD84A.tmp.dmp.14.dr
                    Source: Binary string: System.Core.ni.pdbRSDS source: WERD84A.tmp.dmp.14.dr

                    Data Obfuscation

                    Source: MyNigga!.exe.0.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{cr1vYmUoWA827Qjk0a5UCxF4hG.h2EyfuBxvbF3nJfMe7lbGOt7Iq,cr1vYmUoWA827Qjk0a5UCxF4hG.tbOLBm1RDUA274a7uT509LzOUq,cr1vYmUoWA827Qjk0a5UCxF4hG.Abfkpa5Vi34VPtBiEJBmtBAapc,cr1vYmUoWA827Qjk0a5UCxF4hG._7dZ1VWnJ6edqILF8DCRTB2DbHv,HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.KSemhoXSH4yhV74mOzNyVc3Cazw99MPaUTWd4L5S9qg6u9fLOXjSqM7ltee()}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: MyNigga!.exe.0.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{iCv3CGDzL780B8makpkFXmR8a1[2],HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.gj5U3XdNcGjgRwKAkGMsOakQjGP1eXOqwIoX3Xwrsejp0Dwu5nQ3kPyGmAx(Convert.FromBase64String(iCv3CGDzL780B8makpkFXmR8a1[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{cr1vYmUoWA827Qjk0a5UCxF4hG.h2EyfuBxvbF3nJfMe7lbGOt7Iq,cr1vYmUoWA827Qjk0a5UCxF4hG.tbOLBm1RDUA274a7uT509LzOUq,cr1vYmUoWA827Qjk0a5UCxF4hG.Abfkpa5Vi34VPtBiEJBmtBAapc,cr1vYmUoWA827Qjk0a5UCxF4hG._7dZ1VWnJ6edqILF8DCRTB2DbHv,HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.KSemhoXSH4yhV74mOzNyVc3Cazw99MPaUTWd4L5S9qg6u9fLOXjSqM7ltee()}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{iCv3CGDzL780B8makpkFXmR8a1[2],HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.gj5U3XdNcGjgRwKAkGMsOakQjGP1eXOqwIoX3Xwrsejp0Dwu5nQ3kPyGmAx(Convert.FromBase64String(iCv3CGDzL780B8makpkFXmR8a1[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{cr1vYmUoWA827Qjk0a5UCxF4hG.h2EyfuBxvbF3nJfMe7lbGOt7Iq,cr1vYmUoWA827Qjk0a5UCxF4hG.tbOLBm1RDUA274a7uT509LzOUq,cr1vYmUoWA827Qjk0a5UCxF4hG.Abfkpa5Vi34VPtBiEJBmtBAapc,cr1vYmUoWA827Qjk0a5UCxF4hG._7dZ1VWnJ6edqILF8DCRTB2DbHv,HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.KSemhoXSH4yhV74mOzNyVc3Cazw99MPaUTWd4L5S9qg6u9fLOXjSqM7ltee()}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{iCv3CGDzL780B8makpkFXmR8a1[2],HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.gj5U3XdNcGjgRwKAkGMsOakQjGP1eXOqwIoX3Xwrsejp0Dwu5nQ3kPyGmAx(Convert.FromBase64String(iCv3CGDzL780B8makpkFXmR8a1[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: FluxusV1.2.2.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{cr1vYmUoWA827Qjk0a5UCxF4hG.h2EyfuBxvbF3nJfMe7lbGOt7Iq,cr1vYmUoWA827Qjk0a5UCxF4hG.tbOLBm1RDUA274a7uT509LzOUq,cr1vYmUoWA827Qjk0a5UCxF4hG.Abfkpa5Vi34VPtBiEJBmtBAapc,cr1vYmUoWA827Qjk0a5UCxF4hG._7dZ1VWnJ6edqILF8DCRTB2DbHv,HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.KSemhoXSH4yhV74mOzNyVc3Cazw99MPaUTWd4L5S9qg6u9fLOXjSqM7ltee()}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: FluxusV1.2.2.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{iCv3CGDzL780B8makpkFXmR8a1[2],HxQC3kYdX0WQPewrh4NuphJzjkffXWvZuGKs1Dpi1vT8jIdLulWj3OXcoG1.gj5U3XdNcGjgRwKAkGMsOakQjGP1eXOqwIoX3Xwrsejp0Dwu5nQ3kPyGmAx(Convert.FromBase64String(iCv3CGDzL780B8makpkFXmR8a1[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: MyNigga!.exe.0.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: EaEpGw36JMEDJRe3miGBPyMlQ6 System.AppDomain.Load(byte[])
                    Source: MyNigga!.exe.0.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH System.AppDomain.Load(byte[])
                    Source: MyNigga!.exe.0.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: EaEpGw36JMEDJRe3miGBPyMlQ6 System.AppDomain.Load(byte[])
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH System.AppDomain.Load(byte[])
                    Source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: EaEpGw36JMEDJRe3miGBPyMlQ6 System.AppDomain.Load(byte[])
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH System.AppDomain.Load(byte[])
                    Source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH
                    Source: FluxusV1.2.2.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: EaEpGw36JMEDJRe3miGBPyMlQ6 System.AppDomain.Load(byte[])
                    Source: FluxusV1.2.2.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH System.AppDomain.Load(byte[])
                    Source: FluxusV1.2.2.dr, XTCaTeyQqjqzMqQFw2vCFwVCZf.cs.Net Code: XzRAbwMylpftVFxC6ZlSX8x4NH
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeCode function: 2_2_00007FFD346F24AD push E95D543Bh; retf 2_2_00007FFD346F2589
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exeCode function: 2_2_00007FFD346F243D push E95D543Bh; retf 2_2_00007FFD346F2589
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeCode function: 3_2_00007FFD346FD668 push ss; retf 3_2_00007FFD346FD837
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeCode function: 3_2_00007FFD346E00BD pushad ; iretd 3_2_00007FFD346E00C1
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeCode function: 3_2_00007FFD346E7A48 push ebx; retf 5F4Dh3_2_00007FFD346E7A6A
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exeCode function: 3_2_00007FFD346FA272 push ebx; retf 3_2_00007FFD346FA282
                    Source: oIDX88LpSs.exeStatic PE information: section name: .text entropy: 7.997455883815368
                    Source: oIDX88LpSs.exe, 6erNU9GoRtGQsFcnnrGTGgBTl1yaTwHR6rinJwi9plL4REYW5dMRtyPsdevOJ0m8ncPWxIZGM.csHigh entropy of concatenated method names: 'l32tkBUxwdBvpyeMmPt16Hxp0SRF2LAPlhVLDNV4169SB40qxYvBngUsTVlFCEvXdQnNpQHml', 'JGtIU3ZIYHZ0wFvRwlkyOqk5L8yHlA1sxxsJKLKHaorUw9hknPBOCqH6a2FgCJMUwABlcKbsP', 'DBpBxuFaSFuyVHuOct6O4u4OfeIwkeP0FZPiKNn6v4oubvJIgg9NHx4Yqkp5pv3AKU8mrsScz', 'K7w1uTrw6eTVhaTlepN7YygebnUaIB48c8ud2DJQE7eiACUGH1eOZjJ5nF2slILwZ4LioKs5D', 'SckIXPFLtwrar7KEyyMsGhrgwG2n56kZfOreWcSOuaVvRqWwbLjS2htKu97', 'iw1tk4bKOUTQyTjCoZyu9QICbbPVHFWZKzMjeDP1OMXZ51Fu3xbowbnLQZA', 'gIMOjaQ8PzdIURhXo5wrgJorVUuFFgOZWzDknVbMBxHx7MLJ4xgdGxaHFgF', 'jtGvKAwXsUIrmY8rc2HNJxUm11fNLIpIAwbY87R9HwDfY00xBz2MU8XTT8V', 'xTT3JHA6UQ6wTvLlDPWi9oBcy3YobXnr45H3NA5B7UYrXKZCidyCCCXHTUf', 'jrbHkxUvZ1eZa9DBPt9aphAZEKUW1o2FOzR3GJRiUFWaAeQzwhlqcW72K92'
                    Source: oIDX88LpSs.exe, hO0FzIpqPd4LkEhD4ZWJHKuBnEiqP0DkpVRCcU38YDcWVuWBovCPBjCgSYJpSzXUSIitBZCcX.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'XOVH1muPBJVdAlqt0EL5HHasW8dTvAMMxC1AsDep7dntMM65K0yQDW0Ah86', 'FDnvZwKoLcuyHnAWOBhiCeEvVmlv5sBNOUEFq3P7VcdObL1LK8vBdWvLsiw', 'OmupEak8B1NuZkoiVgdyiISYRXxlgJqgxE9KN64XZBTVB4sv89nZaVS4Dc3', 'CwePezRj3Fr5FOl7W66UbmJXbm5D8q0IxAuvbv5SLoM2BrBpINTho1v05mJ'
                    Source: MyNigga!.exe.0.dr, cr1vYmUoWA827Qjk0a5UCxF4hG.csHigh entropy of concatenated method names: 'fyeU9AxGw5jCo6jhbn515DtDEYSuvGVtGjrJNEygS1cI', 'lZnzwd18ce11dsW9ceza9J8PTkbeDqbFQdoK1tWMJ95r', 'Pb6spKLQM3VRgaDFQqlGCboObEwJmgBgxGrv9E3RlQIA', '_8xIZnDb1zQvtUYwJzIWChfrF5PNclkrKPzDl01rOSNO4'
                    Source: MyNigga!.exe.0.dr, m6Na4dP1oFMCkrcGGL0mqHQAAxOZ4jViwW8utTuGlHXwf62yG1i0e2LFBQ2.csHigh entropy of concatenated method names: '_1qQobQwfC3BZXFDgN45Zn0ZYqIZprjyyq7706XNPOxNiO06hqMVKbcYSesp', 'y252ODASucLxXtvJ68oq9mO8ipsyu0gua3SX4aJ0sokz2Lnw1aX55BG22UG', 'ELfZolPZ2Vy4UvXGWBYdie1X1L9sHt8mo9kdAf6Nxw1Nb9QmX9E66k00RUY', 'fzbV5PMeXg1VrOJXWNVEhbkHrUJezta0OguOmXSuxX7mUhmOiV8kZ0ZVc0XwX', '_5gvOUWTiSLfq7qJnFrYGNUgTEk4XpFeH4CZyZ60nfmO20xB7xcdtM7bFmG2CZ', 'm3eFmIvFIXaxe8tCdghiUoU22ein7MMADurE32eJ0XJXpfMS7ywdOOuXWKfgK', 'srcnxNTxzwcRfPtGIGidl1IW6DNbRitHzzgc1G44N4kiRjk1YnTFkfBp2Urn4', 'YYK8vfshyxHShm9AM1V4WAVQsrDrAMpRUNuCvMdTj82EPataOlt49wgBCkOf2', '_9KdBJRlch3CLwTwTEWsKFIYAQOnp9vGvhcMMfnSVHXUEk0IkfAwSd6D9Rfrda', 'lV4pVDpoiT7WZAiJC0Uw96ZNqaeEvEUE7noLft3e8Z2tweQDFVSeH97URfu2M'
                    Source: MyNigga!.exe.0.dr, KGc4FHS1KfPCQB4LKxld1jofGn.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'qvs8VBnRNGpFIQObRaB37OCc3i4LHMlIkedPlCLMW3Bj', 'vxIgN4MaGCavv2RGOjH36h7OJEZIMzgudCZpoPA3X760', 'kpsehZOJHa1OS5h1KNJiqdHQHF4fVE2HMNWbFE7eqh8I', 'dSqxYOCUwGEgQ1bVkvQvxCIPPt9htUlKMMaIePEmC0qH'
                    Source: MyNigga!.exe.0.dr, lCnryOV9jmTEZuL5mPAIjPEDs3WY2hwiIPCV4RgbEJYqGbLYpIsXHsN095G.csHigh entropy of concatenated method names: 'qTRMJJbumLlaKev5QX0PV0hROeKGb3DJVF7a3majgWToLUk5TrSkLL0JEtP', 'r8L96OTFMvsSSdLtu1Hv98dUfpXlPzpwHEuVxU2aTa8mJEN8E6r35myPiVA', 'TtcUBTiC0xNxrhNCQIB4qjYDpsxRoqICmy5apHSSoHbcxZRVI5zBZ4Uh8gN', 'YBxK7HTqW1ESxjFBLSGljIVdHoxHOBhL7hvmtLGFLLX5azSwoN0LbaA05vK', 'PnHYLwhB6MB9T4DxaC8tdHLk9zNfGRtjL55WkqHzZUXILttCOvkn5ATvvnD', 'JRNIox8Z3mIWfI5xLc60vUzqMhRGyUxTEMuZO24LNsliT59EurCiHkGkbIf', 'ON23Fyf59PVN7p5cQMRiWnKaPU3qRpnAEB5vOhMuR8LoiIzwcIcd5KQw48N', '_00KHclEscPHcys9KLQR5wcNGTb3bLAzeHLmtBBfmSoiOLcoxDMMgxfSLtHm', 'w84S9yc9nOPEtADdaVsaEbEEgh5XSM2SRw00Mi7sI8uyXV89vGS6oGMbM1r', 'aNsO9yBlGo7N2uUAchUSku4R2Iox9ccOzxiHCUWEJYqjM6f9Ob55Wxjzlv2'
                    Source: MyNigga!.exe.0.dr, ScbHcjkL7WWFyToAiCRaf56oKTSNfj51ak47Dj2qXVEu59Hst3poaCdYaMT.csHigh entropy of concatenated method names: 'Mulp7zUdSK9VYu5IZad0FEyupQP3isuHGuCDcRQiJxQulOK7Shg8pyUUvDs', '_2HbNt4XG8rI1HKjVNZbw1CoZL9wG2S51sZ1RlKIGL7bNB2KRlbaH4B7a19e', 'QJwP9Y6enPgjLwCNywUy9XkmgxTzio2U7LNVWWemEJO1ePc4Z4ty97iqyYk', '_4HrhtnYpd4KfQFHb7AKYeWI2XBKCYfJL8c7KJPULMDVGvILyeCmS22hSYn3', 'my9E6khIp6RoQtLVaDTPqpQLwDdav3H2cBLkiBF1BE5LZ8d6sn0iSURQwEkAOJQqZvjFvVtqxTt3', 'WufbtFzfM6Ou4aWjTbtTipr2k49m6ZIJ7ZYNL6aAcqqhWtL4uqYEoUuKsWjhrc4n4ITxSDc44OXm', 'RPyLLpBR90uUAPzFKM827jCidpbJKPT9d76Stx2nRsTEnUC8gKQSRb36PEtAqvMjsBtm6mTjTLOJ', 'x0xfMhqQwO6D0RvIFww9Dr8JxC1P8GDaUa9yKCnJ94MwLAj0psBoxPeVZ4z1lAdPIbXraI0jfvZK', '_77MFPIL8sXPNGzf6Vr2YyHh3ehiJT5w0BArWTcJPf0QSzVIHxkTkcJiScL08x5ydF63gS3Ll2h2x', 'Ifg7sxQUD18K2UHgPtFeucjteYcrBFjGw8A74f4muNVKjMRPAE4nCnvqf1NHZGdgndhjWmq3vAgW'
                    Source: MyNigga!.exe.0.dr, 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, FluxusV1.2.2.dr: High entropy of concatenated method names (multiple .cs classes per source)

                    Persistence and Installation Behavior

                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe File created: C:\Users\user\AppData\Roaming\MyNigga!.exe (dropped file)
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe File created: C:\Users\user\AppData\Roaming\FluxusV1.2 (dropped file)
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe File created: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe (dropped file)

                    Boot Survival

                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FluxusV1.lnk
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FluxusV1
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\SIHClient.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Memory allocated: 2960000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Memory allocated: 1AB20000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Memory allocated: 28B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Memory allocated: 1AA80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Memory allocated: 1BF524F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Memory allocated: 1BF6C060000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599890
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599781
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599669
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599562
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599453
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599343
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599234
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599124
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599014
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598905
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598795
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598686
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598578
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598468
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598359
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598249
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598138
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598030
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597917
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597809
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597701
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597593
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597484
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597369
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597265
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597145
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 597030
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596916
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596812
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596703
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596593
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596484
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596374
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596258
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596140
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 596031
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595921
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595812
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595698
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595593
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595483
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595374
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595259
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595156
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 595041
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 594937
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 594827
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 594718
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Window / User API: threadDelayed 5127
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Window / User API: threadDelayed 4703
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Window / User API: threadDelayed 7099
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Window / User API: threadDelayed 2735
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe TID: 4256 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe TID: 6212 Thread sleep time: -19369081277395017s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -35048813740048126s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599890s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599781s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599669s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599562s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599453s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599343s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599234s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599124s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -599014s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598905s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598795s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598686s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598578s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598468s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598359s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598249s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598138s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -598030s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597917s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597809s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597701s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597593s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597484s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597369s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597265s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597145s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -597030s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596916s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596812s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596703s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596593s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596484s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596374s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596258s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596140s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -596031s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595921s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595812s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595698s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595593s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595483s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595374s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595259s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595156s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -595041s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -594937s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -594827s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe TID: 2024 Thread sleep time: -594718s >= -30000s
                    Source: C:\Windows\System32\SIHClient.exe TID: 4180 Thread sleep time: -120000s >= -30000s
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                    Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                    Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                    Source: C:\Windows\System32\SIHClient.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599890
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599781
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599669
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599562
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599453
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599343
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599234
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599124
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 599014
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598905
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598795
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598686
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598578
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598468
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598359
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598249
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598138
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Thread delayed: delay time: 598030
                    Source: Amcache.hve.14.drBinary or memory string: VMware
                    Source: Amcache.hve.14.drBinary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.14.drBinary or memory string: vmci.syshbin
                    Source: Amcache.hve.14.drBinary or memory string: VMware, Inc.
                    Source: Amcache.hve.14.drBinary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.14.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.14.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.14.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.14.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                    Source: SIHClient.exe, 00000011.00000003.2283411928.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000002.2503441289.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000003.2502266911.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000003.2282423906.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000003.2288348083.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000003.2286655909.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000003.2502266911.000001D8D0136000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000003.2463850046.000001D8D018C000.00000004.00000020.00020000.00000000.sdmp, SIHClient.exe, 00000011.00000002.2503441289.000001D8D0136000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: Amcache.hve.14.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.14.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: Amcache.hve.14.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.14.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.14.drBinary or memory string: vmci.sys
                    Source: Amcache.hve.14.drBinary or memory string: vmci.syshbin`
                    Source: BootstrapperV1.22.exe, 00000003.00000002.2253077683.000001BF52432000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllBB"
                    Source: Amcache.hve.14.drBinary or memory string: \driver\vmci,\driver\pci
                    Source: Amcache.hve.14.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.14.drBinary or memory string: VMware20,1
                    Source: Amcache.hve.14.drBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.14.drBinary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.14.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: Amcache.hve.14.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: Amcache.hve.14.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: oIDX88LpSs.exe, 00000000.00000002.2112813400.0000000000D09000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: r&Prod_VMware_SATA_CD00#4&224f42ef&0
                    Source: Amcache.hve.14.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.14.drBinary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.14.drBinary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.14.drBinary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.14.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: MyNigga!.exe, 00000002.00000002.4571486210.000000001BBC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW %SystemRoot%\system32\mswsock.dllingProfile>
                    Source: Amcache.hve.14.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process queried: DebugPort
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: Yara matchFile source: Process Memory Space: BootstrapperV1.22.exe PID: 7084, type: MEMORYSTR
                    Source: Yara matchFile source: \Device\ConDrv, type: DROPPED
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Process created: C:\Users\user\AppData\Roaming\MyNigga!.exe "C:\Users\user\AppData\Roaming\MyNigga!.exe"
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Process created: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe "C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe"
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2"
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Process created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Queries volume information: C:\Users\user\Desktop\oIDX88LpSs.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Queries volume information: C:\Users\user\AppData\Roaming\MyNigga!.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Queries volume information: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                    Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                    Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\oIDX88LpSs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: Amcache.hve.14.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.14.drBinary or memory string: msmpeng.exe
                    Source: Amcache.hve.14.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.14.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                    Source: MyNigga!.exe, 00000002.00000002.4565726642.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, MyNigga!.exe, 00000002.00000002.4571486210.000000001BC9D000.00000004.00000020.00020000.00000000.sdmp, MyNigga!.exe, 00000002.00000002.4571486210.000000001BC5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: Amcache.hve.14.drBinary or memory string: MsMpEng.exe
                    Source: C:\Users\user\AppData\Roaming\MyNigga!.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b54ca8.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 2.0.MyNigga!.exe.9b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b42068.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: oIDX88LpSs.exe PID: 6220, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: MyNigga!.exe PID: 4800, type: MEMORYSTR
                    Source: Yara match | File source: C:\Users\user\AppData\Roaming\FluxusV1.2, type: DROPPED
                    Source: Yara match | File source: C:\Users\user\AppData\Roaming\MyNigga!.exe, type: DROPPED

                    Remote Access Functionality

                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b54ca8.2.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 2.0.MyNigga!.exe.9b0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b42068.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b54ca8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.oIDX88LpSs.exe.2b42068.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: oIDX88LpSs.exe PID: 6220, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: MyNigga!.exe PID: 4800, type: MEMORYSTR
                    Source: Yara match | File source: C:\Users\user\AppData\Roaming\FluxusV1.2, type: DROPPED
                    Source: Yara match | File source: C:\Users\user\AppData\Roaming\MyNigga!.exe, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 21 Masquerading | OS Credential Dumping | 241 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 21 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 21 Registry Run Keys / Startup Folder | 151 Virtualization/Sandbox Evasion | Security Account Manager | 151 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Software Packing | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 33 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

Behavior graph (ID: 1537991, Sample: oIDX88LpSs.exe, Startdate: 20/10/2024, Architecture: WINDOWS, Score: 100)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| oIDX88LpSs.exe | 100% | Avira | TR/Dropper.Gen | |
| oIDX88LpSs.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\FluxusV1.2 | 100% | Avira | TR/Spy.Gen | |
| C:\Users\user\AppData\Roaming\MyNigga!.exe | 100% | Avira | TR/Spy.Gen | |
| C:\Users\user\AppData\Roaming\FluxusV1.2 | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\MyNigga!.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe | 63% | ReversingLabs | Win64.Trojan.Malgent | |

                    No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://upx.sf.net | 0% | URL Reputation | safe | |
| http://james.newtonking.com/projects/json | 0% | URL Reputation | safe | |
| https://www.newtonsoft.com/jsonschema | 0% | URL Reputation | safe | |
| https://www.nuget.org/packages/Newtonsoft.Json.Bson | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| getsolara.dev | 172.67.203.125 | true | false | | unknown |
| d8zyctl.localto.net | 185.141.35.22 | true | true | | unknown |
| edge-term4-fra2.roblox.com | 128.116.123.4 | true | false | | unknown |
| www.nodejs.org | 104.20.23.46 | true | false | | unknown |
| clientsettings.roblox.com | unknown | unknown | false | | unknown |
| 18.31.95.13.in-addr.arpa | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://getsolara.dev/asset/discord.json | false | | unknown |
| https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live | false | | unknown |
| https://getsolara.dev/api/endpoint.json | false | | unknown |
| https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://127.0.0.1:6463 | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF5415F000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| http://www.nodejs.org | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://300fa622.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exex=R | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://discord.com | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54061000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://ncs.roblox.com/upload | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541D9000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54177000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://www.nodejs.org | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| http://upx.sf.net | Amcache.hve.14.dr | false | URL Reputation: safe | unknown |
| https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/raw | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54177000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| http://james.newtonking.com/projects/json | BootstrapperV1.22.exe.0.dr | false | URL Reputation: safe | unknown |
| https://300fa622.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541DD000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| http://getsolara.dev | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54115000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://discord.com;http://127.0.0.1:6463/rpc?v=11 | BootstrapperV1.22.exe, 00000003.00000000.2112398428.000001BF52102000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.22.exe.0.dr | false | | unknown |
| https://aka.ms/vs/17/release/vc_redist.x64.exe | BootstrapperV1.22.exe, 00000003.00000000.2112398428.000001BF52102000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe.0.dr | false | | unknown |
| http://127.0.0.1:64632a | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF5415F000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://getsolara.dev | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF5410A000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54177000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://www.newtonsoft.com/jsonschema | BootstrapperV1.22.exe.0.dr | false | URL Reputation: safe | unknown |
| https://300fa622.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541EF000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541DD000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://www.nuget.org/packages/Newtonsoft.Json.Bson | BootstrapperV1.22.exe, 00000003.00000000.2112398428.000001BF52102000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.22.exe.0.dr | false | URL Reputation: safe | unknown |
| https://gist.githubusercontent.com/typeshi12/29ef3a44a19235b08aaf229631c024d8/raw | BootstrapperV1.22.exe, 00000003.00000000.2112398428.000001BF52102000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54061000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe.0.dr | false | | unknown |
| http://127.0.0.1:6463/rpc?v=1 | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF5415F000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54061000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | MyNigga!.exe, 00000002.00000002.4567320477.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF540FA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://clientsettings.roblox.com | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54177000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541D5000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://pastebin.com/raw/pjseRvyK | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF54177000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://clientsettings.roblox.com | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| http://edge-term4-fra2.roblox.com | BootstrapperV1.22.exe, 00000003.00000002.2254936783.000001BF541FF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/rawChttps://pastebin.c | BootstrapperV1.22.exe, 00000003.00000000.2112398428.000001BF52102000.00000002.00000001.01000000.00000007.sdmp, BootstrapperV1.22.exe.0.dr | false | | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.67.203.125 | getsolara.dev | United States | | 13335 | CLOUDFLARENETUS | false |
| 185.141.35.22 | d8zyctl.localto.net | Turkey | | 43260 | AS43260TR | true |
| 128.116.123.4 | edge-term4-fra2.roblox.com | United States | | 22697 | ROBLOX-PRODUCTIONUS | false |
| 104.20.23.46 | www.nodejs.org | United States | | 13335 | CLOUDFLARENETUS | false |

| IP |
|---|
| 127.0.0.1 |

                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                    Analysis ID:1537991
                                                                                    Start date and time:2024-10-20 01:26:06 +02:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 9m 38s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                    Number of analysed new started processes analysed:24
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample name:oIDX88LpSs.exe
                                                                                    renamed because original name is a hash value
                                                                                    Original Sample Name:1648da0c5f6a9b0f99339a225ed9e11e8910f198e44726b920d1872ca1b3972b.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal100.troj.evad.winEXE@23/19@6/5
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 33.3%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 95%
                                                                                    • Number of executed functions: 152
                                                                                    • Number of non-executed functions: 6
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, svchost.exe
                                                                                    • Excluded IPs from analysis (whitelisted): 104.208.16.94, 4.175.87.197, 13.95.31.18, 172.202.163.200, 20.242.39.171, 20.12.23.50
                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                    • Execution Graph export aborted for target BootstrapperV1.22.exe, PID 7084 because it is empty
                                                                                    • Execution Graph export aborted for target oIDX88LpSs.exe, PID 6220 because it is empty
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                    • VT rate limit hit for: oIDX88LpSs.exe

| Time | Type | Description |
|---|---|---|
| 01:27:03 | Task Scheduler | Run new task: FluxusV1 path: C:\Users\user\AppData\Roaming\FluxusV1.2 |
| 19:27:01 | API Interceptor | 53x Sleep call for process: BootstrapperV1.22.exe modified |
| 19:27:01 | API Interceptor | 13532396x Sleep call for process: MyNigga!.exe modified |
| 19:27:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run FluxusV1 C:\Users\user\AppData\Roaming\FluxusV1.2 |
| 19:27:10 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
| 19:27:10 | API Interceptor | 2x Sleep call for process: OpenWith.exe modified |
| 19:27:10 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run FluxusV1 C:\Users\user\AppData\Roaming\FluxusV1.2 |
| 19:27:14 | API Interceptor | 5x Sleep call for process: SIHClient.exe modified |
| 19:27:18 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FluxusV1.lnk |

Match: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe
Associated Sample Name / URL | Detection | Threat Name
hKWBNgRd7p.exe | malicious | XWorm
SecuriteInfo.com.Variant.MSILHeracles.168781.2591.26227.exe | malicious | Unknown
8svMXMXNRn.exe | malicious | NoCry, XWorm
SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exe | malicious | Unknown
                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):65536
                                                                                                                                          Entropy (8bit):1.2682737302157336
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:Yfldir0bU9+dQtaWxejol2/fsLzuiFoZ24lO8E:old9bG+dQtaml23sLzuiFoY4lO8E
                                                                                                                                          MD5:BCC991493CDE3DCB2FBE02E7B9B970AF
                                                                                                                                          SHA1:E448DA9B4BFF1A5362019EF3402D7513D3E37607
                                                                                                                                          SHA-256:80D35E0F587A3230AF3E5037A0925757C92DD7AF4432C115876687BF51E590B3
                                                                                                                                          SHA-512:9DF3F805475BE838CCD5E412CB57323DE04B3433913CCD99433DA59E12B55E4C78BF4CBB0B9BFED6FBCD4318955BD394282EA18CA63677B0EFE45C421A5EB3DF
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.8.5.4.0.2.7.0.5.2.4.7.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.8.5.4.0.2.7.7.3.9.9.7.4.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.a.6.1.0.a.e.8.-.e.7.b.a.-.4.2.f.0.-.9.6.f.3.-.6.3.3.f.f.7.9.e.8.1.b.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.8.6.5.4.d.3.d.-.6.0.1.a.-.4.3.1.2.-.b.1.a.9.-.e.6.6.2.0.5.2.7.c.8.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.o.o.t.s.t.r.a.p.p.e.r.V.1...2.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.S.o.l.a.r.a.B.o.o.t.s.t.r.a.p.p.e.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.a.c.-.0.0.0.1.-.0.0.1.5.-.9.8.c.a.-.9.3.6.3.7.e.2.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.f.e.1.7.3.6.3.1.c.a.d.c.4.a.7.6.9.5.d.3.9.9.5.7.a.1.2.d.e.9.c.0.0.0.0.0.0.0.0.!.0.0.0.0.2.1.f.2.3.2.c.2.f.d.8.1.3.2.f.8.6.7.7.e.5.3.2.5.8.5.6.2.a.d.9.8.b.4.5.
                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                          File Type:Mini DuMP crash report, 16 streams, Sat Oct 19 23:27:07 2024, 0x1205a4 type
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):602238
                                                                                                                                          Entropy (8bit):3.3163330382474223
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:/STmF5Yyd5AzvhyYLWOrHZTMHqssCq983/5YLt3QLcg:tJAVyYLWUGlqXRQ
                                                                                                                                          MD5:173E1C9437C38CB6305B791CB4FC5FCF
                                                                                                                                          SHA1:1FB9EB86137F4BF38A893DD10E292FE2F8500F21
                                                                                                                                          SHA-256:812BA6A0DCE66E3B81860B50D97164F108DA390C7025C150B00C6E76A317706E
                                                                                                                                          SHA-512:D1AC93CB468EE3F259E751E70AA34BE8BF48ADCDEA6D6C8BB1D50E82FFA7AFBBED38BD46A5B8193A7E88308D3864568ED5C96316CB4741B9E692FFF4264B6EA4
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):6812
                                                                                                                                          Entropy (8bit):3.722184788892126
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:R6l7wVeJOjDZEwSvCYZE82prK89bneb0UfqNejm:R6lXJADZEwSvCYGDnebvfce6
                                                                                                                                          MD5:38041656EA128E3A7A87D3B4A2332F31
                                                                                                                                          SHA1:9FA35B45D0C201AC22264A315AAB661893DE274E
                                                                                                                                          SHA-256:2D1CF222C864CC0CFE988A5F21BBE9E88582CF57CBC153EF9030A8228B42EF8A
                                                                                                                                          SHA-512:27F4B515A8AEFF166B37E4957473E2A30CAA45C0AE10E2FBB6F4C180C70C140626DB69D29EABE0D730E4712DFEBD92657532041199D2704E0233381FDF120E09
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.8.4.<./.P.i.
                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):4834
                                                                                                                                          Entropy (8bit):4.466169616715466
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:48:cvIwWl8zsSNJg771I96dWpW8VYh1Ym8M4JQDCT/FuFPyq8vaCTw1yioivd:uIjfSnI7Vs7VkEJyWc1vdvd
                                                                                                                                          MD5:3D7D6CE888D46028CD78D5A1193B87D1
                                                                                                                                          SHA1:63579CD779E2E3DCE831CDBA1493608A06978344
                                                                                                                                          SHA-256:DB3EEEA37B11E3DD5E6B202AE91FF8875C393CD1BF33C6DD943ED5BD5083545A
                                                                                                                                          SHA-512:405A2354E9CC6CFC86729536E363150FCD4529426FA3EB32E7EB783E21408615BE538B3FBA67EC59E5CA64C9B9F7816B6430323F3BAF1BE949C7FC1112EE1766
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="550949" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                          Process:C:\Users\user\Desktop\oIDX88LpSs.exe
                                                                                                                                          File Type:CSV text
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):654
                                                                                                                                          Entropy (8bit):5.380476433908377
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                                                                                                                          MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                                                                                                                          SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                                                                                                                          SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                                                                                                                          SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                                                                                                                          Malicious:true
                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..
                                                                                                                                          Process:C:\Users\user\AppData\Roaming\MyNigga!.exe
                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):41
                                                                                                                                          Entropy (8bit):3.7195394315431693
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:rRSFYJKXzovNsr4rNrn:EFYJKDoWrcBn
                                                                                                                                          MD5:0DB526D48DAB0E640663E4DC0EFE82BA
                                                                                                                                          SHA1:17AC435DAFEA6FF9F4D6F83FA6C54F9800F43724
                                                                                                                                          SHA-256:934290A76F9E1804069D8ED6515B14101D9D8ABA2EACBF5B260F59941C65340E
                                                                                                                                          SHA-512:FACD013E1B5B8163214CA8C3A18ADEEC3541153CD69240EEFA76DDD54809186E919C1D635AEA648A8641DE7C3216BEC11C41F04719B60F07EDFDC01FF79027B9
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:....### explorer ###..[WIN]r[WIN]r[WIN]r
                                                                                                                                          Process:C:\Users\user\Desktop\oIDX88LpSs.exe
                                                                                                                                          File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):819200
                                                                                                                                          Entropy (8bit):5.598226996524291
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz
                                                                                                                                          MD5:2A4DCF20B82896BE94EB538260C5FB93
                                                                                                                                          SHA1:21F232C2FD8132F8677E53258562AD98B455E679
                                                                                                                                          SHA-256:EBBCB489171ABFCFCE56554DBAEACD22A15838391CBC7C756DB02995129DEF5A
                                                                                                                                          SHA-512:4F1164B2312FB94B7030D6EB6AA9F3502912FFA33505F156443570FC964BFD3BB21DED3CF84092054E07346D2DCE83A0907BA33F4BA39AD3FE7A78E836EFE288
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                          Joe Sandbox View:
                                                                                                                                          • Filename: hKWBNgRd7p.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: SecuriteInfo.com.Variant.MSILHeracles.168781.2591.26227.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: 8svMXMXNRn.exe, Detection: malicious, Browse
                                                                                                                                          • Filename: SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exe, Detection: malicious, Browse
                                                                                                                                          Process:C:\Users\user\AppData\Roaming\MyNigga!.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):76800
                                                                                                                                          Entropy (8bit):5.963935667866813
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:169PNjj6/hQzpeexAniS5f0E+be9EnQCY0Pww51VONXLxsB2:1INjmOpT4iK3+be9dCYswWONbu2
                                                                                                                                          MD5:2B3B90E6EED13A7E4E2F8285F0022F94
                                                                                                                                          SHA1:5528FA9BC71D52D3E03A09683E5AF51BDE7DE8AE
                                                                                                                                          SHA-256:3477E2B340DC3B15EC23D29ADBF5306D6D3D537F26AF90729E0305B2F746CD7D
                                                                                                                                          SHA-512:41714DE449B7722080BCB7398542C143345B5C1C03A5DB490EE7D15DE07A9C76107BA285CA9FF92734BF751E4693F4B408E951EC3C2A78D7A300692EFBD53B85
                                                                                                                                          Malicious:true
                                                                                                                                          Yara Hits:
                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\FluxusV1.2, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\FluxusV1.2, Author: ditekSHen
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                          Process:C:\Users\user\AppData\Roaming\MyNigga!.exe
                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Oct 19 22:27:01 2024, mtime=Sat Oct 19 22:27:01 2024, atime=Sat Oct 19 22:27:01 2024, length=76800, window=hide
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):762
                                                                                                                                          Entropy (8bit):5.070113786464254
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12:806Q+QslEg4lf7Bpnu8ChWilXIsY//FpLPCGKOmlNbVjAr//s+HgYKokomV:8jQ+QEMNHDFilXUzPCdOm9Aj/sMKbom
                                                                                                                                          MD5:5766465E844DD965742D022237F757E2
                                                                                                                                          SHA1:F0DD0C66629D366D9E59E38EB2502A63977A0FBB
                                                                                                                                          SHA-256:225F5ECC0AAB5855DD30443CFC844E5E2D24BD3F72B2B7B069433DDBB486D8F7
                                                                                                                                          SHA-512:40ADC7229C314AEF1CF8626ACB7563588874F53A4D163011A017ABE1B945AD89141EC82F2569736BA8FFA90099BB16A451254F76B5A5E4C3EBD4F98285EBA185
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:L..................F.... ..._..e~".._..e~".._..e~"...,......................t.:..DG..Yr?.D..U..k0.&...&.......$..S.....^~"..7{?f~"......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2SY[............................^.A.p.p.D.a.t.a...B.V.1.....SY]...Roaming.@......EW<2SY]...../.........................R.o.a.m.i.n.g.....`.2..,..SYa. .FluxusV1.2..F......SYa.SYa.....f ........................F.l.u.x.u.s.V.1...2.......[...............-.......Z...........sL.......C:\Users\user\AppData\Roaming\FluxusV1.2........\.....\.....\.....\.....\.F.l.u.x.u.s.V.1...2.`.......X.......562258...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                          Process:C:\Users\user\Desktop\oIDX88LpSs.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):76800
                                                                                                                                          Entropy (8bit):5.963935667866813
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:1536:169PNjj6/hQzpeexAniS5f0E+be9EnQCY0Pww51VONXLxsB2:1INjmOpT4iK3+be9dCYswWONbu2
                                                                                                                                          MD5:2B3B90E6EED13A7E4E2F8285F0022F94
                                                                                                                                          SHA1:5528FA9BC71D52D3E03A09683E5AF51BDE7DE8AE
                                                                                                                                          SHA-256:3477E2B340DC3B15EC23D29ADBF5306D6D3D537F26AF90729E0305B2F746CD7D
                                                                                                                                          SHA-512:41714DE449B7722080BCB7398542C143345B5C1C03A5DB490EE7D15DE07A9C76107BA285CA9FF92734BF751E4693F4B408E951EC3C2A78D7A300692EFBD53B85
                                                                                                                                          Malicious:true
                                                                                                                                          Yara Hits:
                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\MyNigga!.exe, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\MyNigga!.exe, Author: ditekSHen
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                          Process:C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe
                                                                                                                                          File Type:JSON data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):103
                                                                                                                                          Entropy (8bit):4.081427527984575
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:XSWHlkHFWKBgdvHvIhN9GIxFf9oQg652UTF/HLMl1m:XSWHlW0aivQLkWFfx/52uyPm
                                                                                                                                          MD5:B016DAFCA051F817C6BA098C096CB450
                                                                                                                                          SHA1:4CC74827C4B2ED534613C7764E6121CEB041B459
                                                                                                                                          SHA-256:B03C8C2D2429E9DBC7920113DEDF6FC09095AB39421EE0CC8819AD412E5D67B9
                                                                                                                                          SHA-512:D69663E1E81EC33654B87F2DFADDD5383681C8EBF029A559B201D65EB12FA2989FA66C25FA98D58066EAB7B897F0EEF6B7A68FA1A9558482A17DFED7B6076ACA
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:{. "args" : {. "code" : "8PgspRYAQu". },. "cmd" : "INVITE_BROWSER",. "nonce" : ".". }
                                                                                                                                          Process:C:\Windows\System32\SIHClient.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):12288
                                                                                                                                          Entropy (8bit):2.858529242446535
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:96:FEgEBIv6J/Uw0y+Jw0srqNn9vcP9NcH9Rwew+Az8UNzJLjwaAsJ:FEr06J/U1y8JRNndMvQXPwZBNzJzAsJ
                                                                                                                                          MD5:4F9CAB11BEE5D97EE748D1A9119D2A61
                                                                                                                                          SHA1:39D62B6B675F729C4C16B74EB15A57F7A2624ADA
                                                                                                                                          SHA-256:97B8F4473BBDE06FCC365704C99D157F37A73CAF5F399D7735E570ABD671AB8D
                                                                                                                                          SHA-512:DDE05865CC8F491C5F95E2C15CF9AD42D2D8F4C33CDA80B0C60336F61228E06EB50F09847B0D616782B96C9AC65760E4294DA450E7FDFBE170663BF4D0D09A1D
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\SIHClient.exe
                                                                                                                                          File Type:Microsoft Cabinet archive data, single, 462 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 31944, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):17126
                                                                                                                                          Entropy (8bit):7.3117215578334935
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:D5X8WyNHDHFzqDHt8AxL5TKG+tJSdqnajapCNjFZYECUqY7oX9qhnJSdqnaja2Sl:qDlsHq4ThPdlmY9CUiqOdlm2W
                                                                                                                                          MD5:1B6460EE0273E97C251F7A67F49ACDB4
                                                                                                                                          SHA1:4A3FDFBB1865C3DAED996BDB5C634AA5164ABBB8
                                                                                                                                          SHA-256:3158032BAC1A6D278CCC2B7D91E2FBC9F01BEABF9C75D500A7F161E69F2C5F4A
                                                                                                                                          SHA-512:3D256D8AC917C6733BAB7CC4537A17D37810EFD690BCA0FA361CF44583476121C9BCCCD9C53994AE05E9F9DFF94FFAD1BB30C0F7AFF6DF68F73411703E3DF88A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\SIHClient.exe
                                                                                                                                          File Type:Microsoft Cabinet archive data, single, 462 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 31944, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):17126
                                                                                                                                          Entropy (8bit):7.3117215578334935
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:D5X8WyNHDHFzqDHt8AxL5TKG+tJSdqnajapCNjFZYECUqY7oX9qhnJSdqnaja2Sl:qDlsHq4ThPdlmY9CUiqOdlm2W
                                                                                                                                          MD5:1B6460EE0273E97C251F7A67F49ACDB4
                                                                                                                                          SHA1:4A3FDFBB1865C3DAED996BDB5C634AA5164ABBB8
                                                                                                                                          SHA-256:3158032BAC1A6D278CCC2B7D91E2FBC9F01BEABF9C75D500A7F161E69F2C5F4A
                                                                                                                                          SHA-512:3D256D8AC917C6733BAB7CC4537A17D37810EFD690BCA0FA361CF44583476121C9BCCCD9C53994AE05E9F9DFF94FFAD1BB30C0F7AFF6DF68F73411703E3DF88A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\SIHClient.exe
                                                                                                                                          File Type:Microsoft Cabinet archive data, single, 7826 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 53283, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):24490
                                                                                                                                          Entropy (8bit):7.629144636744632
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:384:iarwQcY8StpA7IQ6GCq30XPSIleI7lzCuqvfiSIleIx:iartHA7PCFP66Tqvfi6c
                                                                                                                                          MD5:ACD24F781C0C8F48A0BD86A0E9F2A154
                                                                                                                                          SHA1:93B2F4FBF96D15BE0766181AFACDB9FD9DD1B323
                                                                                                                                          SHA-256:5C0A296B3574D170D69C90B092611646FE8991B8D103D412499DBE7BFDCCCC49
                                                                                                                                          SHA-512:7B1D821CF1210947344FCF0F9C4927B42271669015DEA1C179B2BEAD9025941138C139C22C068CBD7219B853C80FA01A04E26790D8D76A38FB8BEBE20E0A2A4A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\SIHClient.exe
                                                                                                                                          File Type:Microsoft Cabinet archive data, single, 858 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 12183, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):19826
                                                                                                                                          Entropy (8bit):7.454351722487538
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:384:3j+naF6zsHqnltHNsAR9zCfsOCUPTNbZR9zOzD8K:z1F6JLts89zIdrFT9zwoK
                                                                                                                                          MD5:455385A0D5098033A4C17F7B85593E6A
                                                                                                                                          SHA1:E94CC93C84E9A3A99CAD3C2BD01BFD8829A3BCD6
                                                                                                                                          SHA-256:2798430E34DF443265228B6F510FC0CFAC333100194289ED0488D1D62C5367A7
                                                                                                                                          SHA-512:104FA2DAD10520D46EB537786868515683752665757824068383DC4B9C03121B79D9F519D8842878DB02C9630D1DFE2BBC6E4D7B08AFC820E813C250B735621A
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\SIHClient.exe
                                                                                                                                          File Type:Microsoft Cabinet archive data, single, 11149 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 18779, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):30005
                                                                                                                                          Entropy (8bit):7.7369400192915085
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:768:ouCAyCeQ8fkZdfTGo/its89z8gjP69zA4:Aqf56z8HzT
                                                                                                                                          MD5:4D7FE667BCB647FE9F2DA6FC8B95BDAE
                                                                                                                                          SHA1:B4B20C75C9AC2AD00D131E387BCB839F6FAAABCA
                                                                                                                                          SHA-256:BE273EA75322249FBF58C9CAD3C8DA5A70811837EF9064733E4F5FF1969D4078
                                                                                                                                          SHA-512:DDB8569A5A5F9AD3CCB990B0A723B64CEE4D49FA6515A8E5C029C1B9E2801F59259A0FC401E27372C133952E4C4840521419EF75895260FA22DFF91E0BE09C02
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1835008
                                                                                                                                          Entropy (8bit):4.46892107818621
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:6144:jzZfpi6ceLPx9skLmb0fNZWSP3aJG8nAgeiJRMMhA2zX4WABluuN2jDH5S:fZHtNZWOKnMM6bFpUj4
                                                                                                                                          MD5:3E5D632420B8EE4F22BB7F2AB7A148FA
                                                                                                                                          SHA1:1FD674971DA637AF9B79A826CE51E8956E93A6C7
                                                                                                                                          SHA-256:429E6E262B83EAB7D20BCBE495EA952C6CA9372D9649B76B3B432B88608367B4
                                                                                                                                          SHA-512:90405619033A1E0F1D0D183401E91E48792A46CC66134F01EA86DFF39DB64419B876B6E5589B99AFC3A65D7680B143E50853DCE70D9D57353B115D738C465192
                                                                                                                                          Malicious:false
Process: C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe
File Type: ISO-8859 text, with CRLF, LF line terminators
Category: dropped
Size (bytes): 571
Entropy (8bit): 4.9398118662542965
Encrypted: false
SSDEEP: 12:t+3p+t/hQAOfVaOQsXCzLQ8X+UwkY1v3igBe:Yot/h+ltcQy+UwkY1vdBe
MD5: 5294778E41EE83E1F1E78B56466AD690
SHA1: 348B8B4687216D57B8DF59BBCEC481DC9D1E61A6
SHA-256: 3AC122288181813B83236E1A2BCB449C51B50A3CA4925677A38C08B2FC6DF69C
SHA-512: 381FB6F3AA34E41C17DB3DD8E68B85508F51A94B3E77C479E40AD074767D1CEAE89B6E04FB7DD3D02A74D1AC3431B30920860A198C73387A865051538AE140F1
Malicious: true
Yara Hits:
• Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: \Device\ConDrv, Author: Joe Security
                                                                                                                                          Preview:.............................................................------------------------.. ..[-] Fetching endpoint.....[-] Bootstrapper up to date...[-] Killing conflicting processes.....[-] Ensuring essential directories.....[-] Ensuring essential dependencies.....[-] Downloading node......Unhandled Exception: System.Net.WebException: The operation has timed out.. at System.Net.WebClient.DownloadFile(Uri address, String fileName).. at Program.DownloadAndInstallNode().. at Program.EnsureDependencies().. at Program.Main(String[] args).

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.864900901349677
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: oIDX88LpSs.exe
File size: 1'073'664 bytes
MD5: 14461f84b8fca58f2a3a6fdc884582fb
SHA1: d948c2cd7f8bf46526ab689a6a590fdb0bdf56fc
SHA256: 1648da0c5f6a9b0f99339a225ed9e11e8910f198e44726b920d1872ca1b3972b
SHA512: e236b264d26f9d5a32a717b2fbde87974fad62b16033b75d8618cb1706f2d84c3db4a9eea2d1e03931e641a0ac03f8da05c4565a97d0e550585a7ca50e5bb129
SSDEEP: 24576:cyUNcU5WXKit+nv6lTf0LmBYL4t67gPjR596:cJNcUkKituvMTf0LmEg59
TLSH: B735F17566A199CFD3811B3CF8D8373440BC5BFAA8E3E2C4BD36A896AE217055C81CD5
                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................................. ........@.. ....................................@................................
Icon Hash: e4e9d4f0d0e972c7
Entrypoint: 0x4dfd8e
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x6713B788 [Sat Oct 19 13:43:36 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

Instruction
jmp dword ptr [00402000h]

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdfd3c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe0000 | 0x27e9a | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x108000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xddd94 | 0xdde00 | e490e83c7c4b6156965abd2b151d28c5 | False | 0.9396181778169014 | data | 7.997455883815368 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xe0000 | 0x27e9a | 0x28000 | c4c05d2bba211894d8d3c3310e00543c | False | 0.40152587890625 | data | 5.659637494088809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x108000 | 0xc | 0x200 | 6855264c8e665ac5afdbb18580876da0 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xe0130 | 0x27928 | Device independent bitmap graphic, 204 x 384 x 32, image size 156672 | | | 0.40137456196633925
RT_GROUP_ICON | 0x107a58 | 0x14 | data | | | 1.1
RT_VERSION | 0x107a6c | 0x244 | data | | | 0.4706896551724138
RT_MANIFEST | 0x107cb0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041

DLL | Import
mscoree.dll | _CorExeMain

                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                          2024-10-20T01:27:02.576210+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649713172.67.203.125443TCP
                                                                                                                                          2024-10-20T01:27:20.540928+02002853193ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.649744185.141.35.223631TCP
                                                                                                                                          2024-10-20T01:27:30.897030+02002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.649744185.141.35.223631TCP
                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                          Oct 20, 2024 01:26:59.696804047 CEST44349710172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:26:59.697259903 CEST49710443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:26:59.713936090 CEST49710443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:01.780672073 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:01.780721903 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:01.780793905 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:01.781510115 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:01.781524897 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.029508114 CEST497143631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:02.034465075 CEST363149714185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.034554958 CEST497143631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:02.237344980 CEST497143631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:02.242532969 CEST363149714185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.400341034 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.400427103 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:02.402400017 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:02.402407885 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.402631998 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.404201984 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:02.447416067 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.576214075 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.576292992 CEST44349713172.67.203.125192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.576380014 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:02.576967955 CEST49713443192.168.2.6172.67.203.125
                                                                                                                                          Oct 20, 2024 01:27:02.935857058 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:02.935952902 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:02.936103106 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:02.936373949 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:02.936397076 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:03.813427925 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:03.813796043 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:03.815511942 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:03.815521002 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:03.815887928 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:03.817070961 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:03.863393068 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:04.284691095 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:04.284784079 CEST44349715128.116.123.4192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:04.284840107 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:04.285238028 CEST49715443192.168.2.6128.116.123.4
                                                                                                                                          Oct 20, 2024 01:27:05.837636948 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:05.837663889 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:05.837759018 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:05.838012934 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:05.838021994 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.475342989 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.475578070 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:06.512409925 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:06.512448072 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.513417959 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.515863895 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:06.563396931 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.960963011 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.961183071 CEST44349719104.20.23.46192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:06.961313009 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:06.961586952 CEST49719443192.168.2.6104.20.23.46
                                                                                                                                          Oct 20, 2024 01:27:10.061809063 CEST363149714185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:10.061898947 CEST497143631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:10.069181919 CEST497143631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:10.074006081 CEST363149714185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:10.082374096 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:10.087244987 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:10.087323904 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:10.129725933 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:10.134565115 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:20.540927887 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:20.545769930 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:28.982532024 CEST6416553192.168.2.6162.159.36.2
                                                                                                                                          Oct 20, 2024 01:27:28.987500906 CEST5364165162.159.36.2192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:28.987602949 CEST6416553192.168.2.6162.159.36.2
                                                                                                                                          Oct 20, 2024 01:27:28.988343000 CEST6416553192.168.2.6162.159.36.2
                                                                                                                                          Oct 20, 2024 01:27:28.993407965 CEST5364165162.159.36.2192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:29.585525036 CEST5364165162.159.36.2192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:29.585908890 CEST6416553192.168.2.6162.159.36.2
                                                                                                                                          Oct 20, 2024 01:27:29.591176033 CEST5364165162.159.36.2192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:29.591276884 CEST6416553192.168.2.6162.159.36.2
                                                                                                                                          Oct 20, 2024 01:27:30.897030115 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:30.901845932 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:41.288568020 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:41.293505907 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:51.678231001 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:51.912194967 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:27:52.098114967 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:27:52.098150015 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:02.068830013 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:02.073708057 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:10.084335089 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:10.089231014 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:20.475238085 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:20.480145931 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.459479094 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.464474916 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.474889040 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.479732990 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.490537882 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.495492935 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.521819115 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.526647091 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.537362099 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.542226076 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.553021908 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.557920933 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.568739891 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.573575020 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:22.584275007 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:22.589209080 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:26.146728039 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:26.151751041 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:27.787777901 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:27.792840958 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:29.365641117 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:29.370642900 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:36.427987099 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:36.432967901 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:40.443612099 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:40.611972094 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:45.568643093 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:45.573672056 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:47.771758080 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:47.776890039 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:48.568579912 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:48.573679924 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:49.225048065 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:49.230541945 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:53.709454060 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:53.714639902 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:28:53.771728039 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:28:53.776721001 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:29:00.631083965 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:29:00.635966063 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:29:03.881068945 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:29:03.885888100 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:29:03.928124905 CEST497443631192.168.2.6185.141.35.22
                                                                                                                                          Oct 20, 2024 01:29:03.933052063 CEST363149744185.141.35.22192.168.2.6
                                                                                                                                          Oct 20, 2024 01:29:03.943516970 CEST497443631192.168.2.6185.141.35.22
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Oct 20, 2024 01:26:58.730129957 CEST | 192.168.2.6 | 1.1.1.1 | 0x3479 | Standard query (0) | getsolara.dev | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.005841970 CEST | 192.168.2.6 | 1.1.1.1 | 0xfdbb | Standard query (0) | d8zyctl.localto.net | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.883661032 CEST | 192.168.2.6 | 1.1.1.1 | 0x3090 | Standard query (0) | clientsettings.roblox.com | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:05.828855038 CEST | 192.168.2.6 | 1.1.1.1 | 0x8df3 | Standard query (0) | www.nodejs.org | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:29.597295046 CEST | 192.168.2.6 | 1.1.1.1 | 0xd846 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Oct 20, 2024 01:29:42.122349977 CEST | 192.168.2.6 | 1.1.1.1 | 0x5727 | Standard query (0) | d8zyctl.localto.net | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Oct 20, 2024 01:26:58.737442970 CEST | 1.1.1.1 | 192.168.2.6 | 0x3479 | No error (0) | getsolara.dev | | 172.67.203.125 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:26:58.737442970 CEST | 1.1.1.1 | 192.168.2.6 | 0x3479 | No error (0) | getsolara.dev | | 104.21.93.27 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.022336960 CEST | 1.1.1.1 | 192.168.2.6 | 0xfdbb | No error (0) | d8zyctl.localto.net | | 185.141.35.22 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.934796095 CEST | 1.1.1.1 | 192.168.2.6 | 0x3090 | No error (0) | clientsettings.roblox.com | titanium.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.934796095 CEST | 1.1.1.1 | 192.168.2.6 | 0x3090 | No error (0) | titanium.roblox.com | edge-term4.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.934796095 CEST | 1.1.1.1 | 192.168.2.6 | 0x3090 | No error (0) | edge-term4.roblox.com | edge-term4-fra2.roblox.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 20, 2024 01:27:02.934796095 CEST | 1.1.1.1 | 192.168.2.6 | 0x3090 | No error (0) | edge-term4-fra2.roblox.com | | 128.116.123.4 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:05.835866928 CEST | 1.1.1.1 | 192.168.2.6 | 0x8df3 | No error (0) | www.nodejs.org | | 104.20.23.46 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:05.835866928 CEST | 1.1.1.1 | 192.168.2.6 | 0x8df3 | No error (0) | www.nodejs.org | | 104.20.22.46 | A (IP address) | IN (0x0001) | false |
| Oct 20, 2024 01:27:29.604582071 CEST | 1.1.1.1 | 192.168.2.6 | 0xd846 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |
| Oct 20, 2024 01:29:42.230297089 CEST | 1.1.1.1 | 192.168.2.6 | 0x5727 | No error (0) | d8zyctl.localto.net | | 185.141.35.22 | A (IP address) | IN (0x0001) | false |
                                                                                                                                          • getsolara.dev
                                                                                                                                          • clientsettings.roblox.com
                                                                                                                                          • www.nodejs.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.6 | 49710 | 172.67.203.125 | 443 | 7084 | C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe |

Timestamp: 2024-10-19 23:26:59 UTC, Bytes transferred: 81, Direction: OUT, Data:
GET /asset/discord.json HTTP/1.1
                                                                                                                                          Host: getsolara.dev
                                                                                                                                          Connection: Keep-Alive
Timestamp: 2024-10-19 23:26:59 UTC, Bytes transferred: 1023, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Sat, 19 Oct 2024 23:26:59 GMT
                                                                                                                                          Content-Type: application/json
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                          Cache-Control: public, max-age=0, must-revalidate
                                                                                                                                          ETag: W/"7d966f73b6ce74a610dddaf0d0951ed8"
                                                                                                                                          referrer-policy: strict-origin-when-cross-origin
                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iUPzqxGfr1Efysynwou2TykDEsLhSemvwzUW270JzZK1cuaPGt1Tc%2Fw5gwCO1IeKXZvEKijX0emx%2FCWwFkHDWXJEuoQ7K3C2OXAB6rK8z3%2Fep3WYQtEX3%2F5I5h%2FfjygW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          Strict-Transport-Security: max-age=0
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8d5489465ae26c68-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1197&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2811&recv_bytes=695&delivery_rate=2343042&cwnd=251&unsent_bytes=0&cid=9d2e59680e8b0fc9&ts=269&x=0"
Timestamp: 2024-10-19 23:26:59 UTC, Bytes transferred: 109, Direction: IN, Data:
Data Ascii: 67{ "args" : { "code" : "8PgspRYAQu" }, "cmd" : "INVITE_BROWSER", "nonce" : "." }
Timestamp: 2024-10-19 23:26:59 UTC, Bytes transferred: 5, Direction: IN, Data:
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 192.168.2.6 | 49713 | 172.67.203.125 | 443 | 7084 | C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe |

Timestamp: 2024-10-19 23:27:02 UTC, Bytes transferred: 56, Direction: OUT, Data:
GET /api/endpoint.json HTTP/1.1
                                                                                                                                          Host: getsolara.dev
Timestamp: 2024-10-19 23:27:02 UTC, Bytes transferred: 1017, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                          Date: Sat, 19 Oct 2024 23:27:02 GMT
                                                                                                                                          Content-Type: application/json
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                          Cache-Control: public, max-age=0, must-revalidate
                                                                                                                                          ETag: W/"d5b1b21ea841e30137558eeb7f510379"
                                                                                                                                          referrer-policy: strict-origin-when-cross-origin
                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=joxQEY2uMl25HuETzDxrusIILCZlZPSkE4DsRbFWTdsH6Wx0bnN4goRHH4aX%2BSYTrr4tFoP97tcY1JwNLFExFdYY%2BRHvjzTFiy0ZWc0mMfgsATL9QsIt9lOmPnCXHEXd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          Strict-Transport-Security: max-age=0
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8d54895879734870-DFW
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1111&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2812&recv_bytes=694&delivery_rate=2441821&cwnd=232&unsent_bytes=0&cid=62d8bc38457a37ef&ts=200&x=0"
Timestamp: 2024-10-19 23:27:02 UTC, Bytes transferred: 352, Direction: IN, Data:
Data Ascii: 22e{ "BootstrapperVersion": "1.22", "SupportedClient": "version-9dbf9780562444e1", "SoftwareVersion": "3.122", "BootstrapperUrl": "https://300fa622.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe", "SoftwareUrl":"https
Timestamp: 2024-10-19 23:27:02 UTC, Bytes transferred: 213, Direction: IN, Data:
Data Ascii: s://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live", "ClientHash":"08f903f8fa577ab027d6a96c203bb39b6a93d4ac94b8c9271d624334c38b3a03", "Changelog":"[+] Improved loadstring times"}
Timestamp: 2024-10-19 23:27:02 UTC, Bytes transferred: 5, Direction: IN, Data:
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 2 | 192.168.2.6 | 49715 | 128.116.123.4 | 443 | 7084 | C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe |

Timestamp: 2024-10-19 23:27:03 UTC, Bytes transferred: 119, Direction: OUT, Data:
GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
                                                                                                                                          Host: clientsettings.roblox.com
                                                                                                                                          Connection: Keep-Alive
Timestamp: 2024-10-19 23:27:04 UTC, Bytes transferred: 576, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                          content-length: 119
                                                                                                                                          content-type: application/json; charset=utf-8
                                                                                                                                          date: Sat, 19 Oct 2024 23:27:03 GMT
                                                                                                                                          server: Kestrel
                                                                                                                                          cache-control: no-cache
                                                                                                                                          strict-transport-security: max-age=3600
                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                          roblox-machine-id: 4f9d864b-4ba9-9add-98fc-e0517eb6d6ac
                                                                                                                                          x-roblox-region: us-central_rbx
                                                                                                                                          x-roblox-edge: fra2
                                                                                                                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
                                                                                                                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
                                                                                                                                          connection: close
2024-10-19 23:27:04 UTC | 119 | IN | Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 22 30 2e 36 34 37 2e 30 2e 36 34 37 30 37 31 37 22 2c 22 63 6c 69 65 6e 74 56 65 72 73 69 6f 6e 55 70 6c 6f 61 64 22 3a 22 76 65 72 73 69 6f 6e 2d 39 64 62 66 39 37 38 30 35 36 32 34 34 34 65 31 22 2c 22 62 6f 6f 74 73 74 72 61 70 70 65 72 56 65 72 73 69 6f 6e 22 3a 22 31 2c 20 36 2c 20 30 2c 20 36 34 37 30 37 31 37 22 7d
                                                                                                                                          Data Ascii: {"version":"0.647.0.6470717","clientVersionUpload":"version-9dbf9780562444e1","bootstrapperVersion":"1, 6, 0, 6470717"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49719 | 104.20.23.46 | 443 | 7084 | C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-19 23:27:06 UTC | 99 | OUT | GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
                                                                                                                                          Host: www.nodejs.org
                                                                                                                                          Connection: Keep-Alive
2024-10-19 23:27:06 UTC | 497 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                          Date: Sat, 19 Oct 2024 23:27:06 GMT
                                                                                                                                          Content-Type: text/plain
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
                                                                                                                                          Cache-Control: public, max-age=0, must-revalidate
                                                                                                                                          location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
                                                                                                                                          strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                          x-vercel-id: cle1::cs9km-1729380426880-24ed09e564e5
                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8d5489722b5b4683-DFW
2024-10-19 23:27:06 UTC | 20 | IN | Data Raw: 66 0d 0a 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 0a 0d 0a
                                                                                                                                          Data Ascii: fRedirecting...
2024-10-19 23:27:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 0



                                                                                                                                          Target ID:0
                                                                                                                                          Start time:19:26:56
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Users\user\Desktop\oIDX88LpSs.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Users\user\Desktop\oIDX88LpSs.exe"
                                                                                                                                          Imagebase:0x760000
                                                                                                                                          File size:1'073'664 bytes
                                                                                                                                          MD5 hash:14461F84B8FCA58F2A3A6FDC884582FB
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2113525590.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:2
                                                                                                                                          Start time:19:26:56
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Users\user\AppData\Roaming\MyNigga!.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\MyNigga!.exe"
                                                                                                                                          Imagebase:0x9b0000
                                                                                                                                          File size:76'800 bytes
                                                                                                                                          MD5 hash:2B3B90E6EED13A7E4E2F8285F0022F94
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000002.00000000.2110723473.00000000009B2000.00000002.00000001.01000000.00000006.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\MyNigga!.exe, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\MyNigga!.exe, Author: ditekSHen
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:3
                                                                                                                                          Start time:19:26:56
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\BootstrapperV1.22.exe"
                                                                                                                                          Imagebase:0x1bf52100000
                                                                                                                                          File size:819'200 bytes
                                                                                                                                          MD5 hash:2A4DCF20B82896BE94EB538260C5FB93
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                          • Detection: 63%, ReversingLabs
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:4
                                                                                                                                          Start time:19:26:56
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff66e660000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:5
                                                                                                                                          Start time:19:26:57
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"cmd" /c ipconfig /all
                                                                                                                                          Imagebase:0x7ff7ea9c0000
                                                                                                                                          File size:289'792 bytes
                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:6
                                                                                                                                          Start time:19:26:57
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff66e660000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:7
                                                                                                                                          Start time:19:26:57
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\ipconfig.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:ipconfig /all
                                                                                                                                          Imagebase:0x7ff6d92c0000
                                                                                                                                          File size:35'840 bytes
                                                                                                                                          MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:8
                                                                                                                                          Start time:19:27:01
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\schtasks.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "FluxusV1" /tr "C:\Users\user\AppData\Roaming\FluxusV1.2"
                                                                                                                                          Imagebase:0x7ff652c80000
                                                                                                                                          File size:235'008 bytes
                                                                                                                                          MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:9
                                                                                                                                          Start time:19:27:01
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff66e660000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:10
                                                                                                                                          Start time:19:27:03
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:14
                                                                                                                                          Start time:19:27:06
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 7084 -s 2188
                                                                                                                                          Imagebase:0x7ff6afbf0000
                                                                                                                                          File size:570'736 bytes
                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:15
                                                                                                                                          Start time:19:27:10
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:17
                                                                                                                                          Start time:19:27:12
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\SIHClient.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\System32\sihclient.exe /cv 7NrvztKWqECbt1RuJH7L+Q.0.2
                                                                                                                                          Imagebase:0x7ff792bb0000
                                                                                                                                          File size:380'720 bytes
                                                                                                                                          MD5 hash:8BE47315BF30475EEECE8E39599E9273
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:18
                                                                                                                                          Start time:19:27:18
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:20
                                                                                                                                          Start time:19:28:01
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:21
                                                                                                                                          Start time:19:29:00
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:22
                                                                                                                                          Start time:19:30:00
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:23
                                                                                                                                          Start time:19:31:00
                                                                                                                                          Start date:19/10/2024
                                                                                                                                          Path:C:\Windows\System32\OpenWith.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\OpenWith.exe "C:\Users\user\AppData\Roaming\FluxusV1.2"
                                                                                                                                          Imagebase:0x7ff663b20000
                                                                                                                                          File size:123'984 bytes
                                                                                                                                          MD5 hash:E4A834784FA08C17D47A1E72429C5109
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:false

                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2114145686.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd346e0000_oIDX88LpSs.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3d35674e7da785bd22e30496e45d11c57601799cb7074a1fd0ea12d20b386b4d
                                                                                                                                            • Instruction ID: 4872c06069c86ca30ef5dc2ad107f31ed8ce3f19bca1f2a39527f47063e563af
                                                                                                                                            • Opcode Fuzzy Hash: 3d35674e7da785bd22e30496e45d11c57601799cb7074a1fd0ea12d20b386b4d
                                                                                                                                            • Instruction Fuzzy Hash: 54012630B1EB694FD794EB68C4F12AA73D2FF8A214F041479C149C3282DA2CB8428781
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2114145686.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd346e0000_oIDX88LpSs.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: bfc63d4877fba125e61569515ee1c6c44433a14feba7f9209eca986e24d078c4
                                                                                                                                            • Instruction ID: b7aa5439b3b49f03ad8bd6edd8970783a7e96783a0617ad04a01a0f3d36369a9
                                                                                                                                            • Opcode Fuzzy Hash: bfc63d4877fba125e61569515ee1c6c44433a14feba7f9209eca986e24d078c4
                                                                                                                                            • Instruction Fuzzy Hash: A5F0F430B29A294BD794E76884A06BE33D6EB8A304F501439D50EC3384DE2CA8424781
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2114145686.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd346e0000_oIDX88LpSs.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e58e8d998de611ef7e4f152efd38341ae077184bf4fd1ec161c5393029290048
                                                                                                                                            • Instruction ID: 4c4c24e2541eecf8a30e5620552c92c1b0f2748d4c4e69137c50a196a763eff5
                                                                                                                                            • Opcode Fuzzy Hash: e58e8d998de611ef7e4f152efd38341ae077184bf4fd1ec161c5393029290048
                                                                                                                                            • Instruction Fuzzy Hash: 35F02820B2DA6A4BD764F67CD4A16BB73D6EF8A314F101539D14EC3285CD2CB8828780
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000000.00000002.2114145686.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd346e0000_oIDX88LpSs.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 392186c68acf7fa9eb70d072b5f1e35c17932eeadc99ab41f64807f15defea99
                                                                                                                                            • Instruction ID: a7286996f093335fcb71d00787ed033649e20c18a6ee9661103b56aa8a3d3134
                                                                                                                                            • Opcode Fuzzy Hash: 392186c68acf7fa9eb70d072b5f1e35c17932eeadc99ab41f64807f15defea99
                                                                                                                                            • Instruction Fuzzy Hash: 6DE08602F18D1A4BF79465AC24B62F5A3C6DB99214F851035E10EC2293EC1D9C925240

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:22.1%
                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                            Signature Coverage:0%
                                                                                                                                            Total number of Nodes:6
                                                                                                                                            Total number of Limit Nodes:0
                                                                                                                                            execution_graph 4815 7ffd346f2d3a 4816 7ffd346f2d47 RtlSetProcessIsCritical 4815->4816 4818 7ffd346f2fc2 4816->4818 4807 7ffd346f3408 4808 7ffd346f3411 SetWindowsHookExW 4807->4808 4810 7ffd346f34e1 4808->4810

                                                                                                                                            Control-flow Graph

                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000002.00000002.4573339829.00007FFD346F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffd346f0000_MyNigga!.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: CAM_^
                                                                                                                                            • API String ID: 0-3136481660
                                                                                                                                            • Opcode ID: 450404de804d0a14e0ae3c8942730ef087cb4a40432875bfd89280ddb4873a22
                                                                                                                                            • Instruction ID: ba134a1fd7efda6c32df56e2d996aca61f9c9722b3d048adaf5a3eaef18b6ac3
                                                                                                                                            • Opcode Fuzzy Hash: 450404de804d0a14e0ae3c8942730ef087cb4a40432875bfd89280ddb4873a22
                                                                                                                                            • Instruction Fuzzy Hash: DD12C462B2CA594BE7A5FB6C84A53B973D2FF99344F440579E08EC32D6DE2CAC418341

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 132 7ffd346f2d3a-7ffd346f2d64 135 7ffd346f2db5-7ffd346f2dd9 132->135 136 7ffd346f2d66 132->136 137 7ffd346f2d97-7ffd346f2db3 135->137 142 7ffd346f2ddb-7ffd346f2dea 135->142 136->137 137->135 144 7ffd346f2dec-7ffd346f2df4 142->144 145 7ffd346f2e17-7ffd346f2e35 142->145 148 7ffd346f2e48-7ffd346f2e79 144->148 149 7ffd346f2df6-7ffd346f2e15 144->149 152 7ffd346f2e39-7ffd346f2e45 145->152 148->152 159 7ffd346f2e7b-7ffd346f2f5a 148->159 149->145 152->148 175 7ffd346f2f62-7ffd346f2fc0 RtlSetProcessIsCritical 159->175 176 7ffd346f2fc8-7ffd346f2ffd 175->176 177 7ffd346f2fc2 175->177 177->176

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000002.00000002.4573339829.00007FFD346F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_2_2_7ffd346f0000_MyNigga!.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CriticalProcess
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2695349919-0
                                                                                                                                            • Opcode ID: ce554a0ab6dd9e32332dc6e882a32b2f960ce97b8cf1c0961cc43c96686d3f3f
                                                                                                                                            • Instruction ID: ab16ae609f4af94718a856cb55dfcc08385e7ecadefd3219148559e19df9b914
                                                                                                                                            • Opcode Fuzzy Hash: ce554a0ab6dd9e32332dc6e882a32b2f960ce97b8cf1c0961cc43c96686d3f3f
                                                                                                                                            • Instruction Fuzzy Hash: 95817763E0DA955FE715DA6858A61E97FE0FF22310F1840BFD0DAC71C3EA19E8058742

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 223 7ffd346f3408-7ffd346f340f 224 7ffd346f341a-7ffd346f342a 223->224 225 7ffd346f3411-7ffd346f3419 223->225 226 7ffd346f342c-7ffd346f345c 224->226 227 7ffd346f3460-7ffd346f348d 224->227 225->224 226->227 230 7ffd346f3519-7ffd346f351d 227->230 231 7ffd346f3493-7ffd346f34a0 227->231 232 7ffd346f34a2-7ffd346f34df SetWindowsHookExW 230->232 231->232 234 7ffd346f34e7-7ffd346f3518 232->234 235 7ffd346f34e1 232->235 235->234
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000002.00000002.4573339829.00007FFD346F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346F0000, based on PE: false
                                                                                                                                            • Instruction ID: 7261f0a878e77b86ab8841342aa79f7bdaedf8276715a71ab13bb809931d206d
                                                                                                                                            • Opcode Fuzzy Hash: 6784bacb89e8a3c922996eb8de0cb40d426cc1bf9a3cd45a6209c463029def62
                                                                                                                                            • Instruction Fuzzy Hash: B551E953B0F9D50FE3A566ACA8751FA7BD0DF8222571803FBD1C8DA197DC0DA94A8381
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4$HA]4$xWz4$xWz4
                                                                                                                                            • API String ID: 0-509321209
                                                                                                                                            • Opcode ID: 1d0acf2c7df97e1c415a67aa450d882691768be1f8e5d4b6f1c9c442756d22bf
                                                                                                                                            • Instruction ID: 45bc0d420f20b1b0d556f51dcd5cb791d51989b3c0a2cb30a5deacc145159773
                                                                                                                                            • Opcode Fuzzy Hash: 1d0acf2c7df97e1c415a67aa450d882691768be1f8e5d4b6f1c9c442756d22bf
                                                                                                                                            • Instruction Fuzzy Hash: 4F22F631B0CA554FD759DB2CD4A46F67BE1FFA6301F18417AD48EC7292DE28A882C781
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: n4$Xn4$w\4$w\4
                                                                                                                                            • API String ID: 0-4046911845
                                                                                                                                            • Opcode ID: c060da4bca4fac306c944e40aab2886f777646532abc91974560805cf4982d6f
                                                                                                                                            • Instruction ID: 7ab74becd66422bba4d14f7435e3bdf06fd28431d1d82ca38add816dfb990f00
                                                                                                                                            • Opcode Fuzzy Hash: c060da4bca4fac306c944e40aab2886f777646532abc91974560805cf4982d6f
                                                                                                                                            • Instruction Fuzzy Hash: D7812B62B0DA9A0FE795EF6C94A56F537D2EF96354F0500BAE48CC7293CD29AC42C341
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #T_H$8Kz4$HA]4$HA]4
                                                                                                                                            • API String ID: 0-2837634686
                                                                                                                                            • Opcode ID: 37edb2e536215211717154ffd9e783a0260e10170185567609a2e31fbbad9760
                                                                                                                                            • Instruction ID: 2f39123cdc4787c30d04d361665a51501ef0231f647bca21913d2a1e3ea80276
                                                                                                                                            • Opcode Fuzzy Hash: 37edb2e536215211717154ffd9e783a0260e10170185567609a2e31fbbad9760
                                                                                                                                            • Instruction Fuzzy Hash: A6711C31B1895E8FDF94EF5CC495AAA77E1FF69341B440079E50AD72A1CA28EC819B80
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @n4$HA]4$HA]4
                                                                                                                                            • API String ID: 0-1930444611
                                                                                                                                            • Opcode ID: dd761d07f11483edaf068b7f9365d158a2e8768430c27007120bc81ca813eeb5
                                                                                                                                            • Instruction ID: d8945fcbb7a5aeb7189500ceea7cf1a334f211f44927f890694d68d52f7d1433
                                                                                                                                            • Opcode Fuzzy Hash: dd761d07f11483edaf068b7f9365d158a2e8768430c27007120bc81ca813eeb5
                                                                                                                                            • Instruction Fuzzy Hash: FAB15B73B0DE5A4FEBA49E6C54A52F577D1EFAA390B0401BBD18DC7292DD1DAC029340
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4$HA]4$HA]4
                                                                                                                                            • API String ID: 0-3609034517
                                                                                                                                            • Opcode ID: 56cc19a104eb4e3db88ca798c468264cfbff5ff0210cce11b7ec0d0c3fcdd767
                                                                                                                                            • Instruction ID: fa463eafaeae7de51a204b6510509cc3a410ab5419382c6af0e924859ecfe7f0
                                                                                                                                            • Opcode Fuzzy Hash: 56cc19a104eb4e3db88ca798c468264cfbff5ff0210cce11b7ec0d0c3fcdd767
                                                                                                                                            • Instruction Fuzzy Hash: 46811B7271CC190FEAA4EB1C94A57FA73D1EF99321B0801B6E40DC7296DD1DAC838341
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4$HA]4$dL_H
                                                                                                                                            • API String ID: 0-1587848021
                                                                                                                                            • Opcode ID: 4d44303915719c7d43d55e5de657804cb680f4cd85a5940ae15a96d257ea8eb8
                                                                                                                                            • Instruction ID: b9ed0ac10f99f4302ce68da3f59cecacdf6a461393ab46e6d767fc72b3436fb8
                                                                                                                                            • Opcode Fuzzy Hash: 4d44303915719c7d43d55e5de657804cb680f4cd85a5940ae15a96d257ea8eb8
                                                                                                                                            • Instruction Fuzzy Hash: 78514D63B0DE5E0FE794DA6C58A91B537C1EF9A26170402BBD04ECB297DD19FC468381
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: @a|4$]\4$a|4
                                                                                                                                            • API String ID: 0-1262588850
                                                                                                                                            • Opcode ID: 3aa4932ee8aa338fffee7d476610ee4afac9888e10cc53f0ee344e660f745348
                                                                                                                                            • Instruction ID: f14d8084b7fcd353fab7a32955ae51bc3bf689f173553642c44c63b68c0d72f8
                                                                                                                                            • Opcode Fuzzy Hash: 3aa4932ee8aa338fffee7d476610ee4afac9888e10cc53f0ee344e660f745348
                                                                                                                                            • Instruction Fuzzy Hash: C7512422B0E95E0FEB54DE5C94A51FA7BD2EF96764F18017BD10CDB192CD29E8828340
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: vX_H$yX_H
                                                                                                                                            • API String ID: 0-3491284542
                                                                                                                                            • Opcode ID: 3d751ac998bfa47945df3d2bf2d2d0a34bdf6922c2c60fd06ae301a07e96fe2d
                                                                                                                                            • Instruction ID: 1ba2ae65c51cf9822973ec2db3946e1dab7fa19a67ad9e9e0c0b7eaa00f20f3a
                                                                                                                                            • Opcode Fuzzy Hash: 3d751ac998bfa47945df3d2bf2d2d0a34bdf6922c2c60fd06ae301a07e96fe2d
                                                                                                                                            • Instruction Fuzzy Hash: F212FF71E189698FEBA4DA5C98A97E963F1EB99310F1401F6D14DD3292CE386DC29B00
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 8Kz4$HA]4
                                                                                                                                            • API String ID: 0-3858541388
                                                                                                                                            • Opcode ID: 3098137edd5cfb7554dcd713b391e0b73e34e927caa967ed0f678a133581f81d
                                                                                                                                            • Instruction ID: e7b1df9bf6b10ccaaf67166b34d7412bcb610741b0c25bdf6dfbf452a5e198a7
                                                                                                                                            • Opcode Fuzzy Hash: 3098137edd5cfb7554dcd713b391e0b73e34e927caa967ed0f678a133581f81d
                                                                                                                                            • Instruction Fuzzy Hash: B5E1B322B1CA264BE7A89A2894F12F977D2EF46310F65457AC5CFC61C3DD2D7C826381
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4$HA]4
                                                                                                                                            • API String ID: 0-2391110467
                                                                                                                                            • Opcode ID: af7cfc60f97a0fdbffc18412a1e5d797f93be26d06b860cbae051bee395eb68a
                                                                                                                                            • Instruction ID: 4e496bbf0d03449a73d26b5593348cac8d4d08fe3a3da4f6268fda6031f043c7
                                                                                                                                            • Opcode Fuzzy Hash: af7cfc60f97a0fdbffc18412a1e5d797f93be26d06b860cbae051bee395eb68a
                                                                                                                                            • Instruction Fuzzy Hash: 50C1F631B1CA594FDB54EF2C98955E97BE1FF9A300B04017AE58EC7292DE28FC418781
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: H$HA]4
                                                                                                                                            • API String ID: 0-1741807855
                                                                                                                                            • Opcode ID: b53515bb26aaf03842ca83ee37b783d68ac862026601cf0d273079f5b989ae62
                                                                                                                                            • Instruction ID: 199f286bfc679fb5feff304edc18855d047b81e262abd5d1eae01812df94424b
                                                                                                                                            • Opcode Fuzzy Hash: b53515bb26aaf03842ca83ee37b783d68ac862026601cf0d273079f5b989ae62
                                                                                                                                            • Instruction Fuzzy Hash: 3BB13B2270C9590FEB98EE5C88A66F937D1EF96350B0001BAD98EC7297DD19EC428781
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: 8Kz4
                                                                                                                                            • API String ID: 0-2624587962
                                                                                                                                            • Opcode ID: d73851dd2f08909c4489141e0c915bb3a60e77642ac43eae4f9af62ac153dab3
                                                                                                                                            • Instruction ID: bdd851a7b5d359a94680916e0aea99f8cd3cd9e637a502dd2e7a7aa69ccbc9b4
                                                                                                                                            • Opcode Fuzzy Hash: d73851dd2f08909c4489141e0c915bb3a60e77642ac43eae4f9af62ac153dab3
                                                                                                                                            • Instruction Fuzzy Hash: 3EA1F672B1CA184FEB58DE1CA8966F977D1FF9A310F04017FE58AD3291DA25F8418782
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ({|4
                                                                                                                                            • API String ID: 0-3193445683
                                                                                                                                            • Opcode ID: 1e2d7790b793bfd032ad47c9088f704ac5327d85b4542844c584b446e0fe1a7c
                                                                                                                                            • Instruction ID: 09ed1d7b1f2d0051d461cdb0631380dcce1caf613e4b6662c5cf1126236545a6
                                                                                                                                            • Opcode Fuzzy Hash: 1e2d7790b793bfd032ad47c9088f704ac5327d85b4542844c584b446e0fe1a7c
                                                                                                                                            • Instruction Fuzzy Hash: 7B815962B1C9A50FE7A5EB2C94E65FA37D0EF56711B040177E1CEC3193DD1CA8468781
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: rM_^
                                                                                                                                            • API String ID: 0-700486896
                                                                                                                                            • Opcode ID: 99cf175e0b3e12a6acd74e001f573f7f7ae50efbfa2ee9031d259c72bcdd4c46
                                                                                                                                            • Instruction ID: 3b2a7773dca187d1fd3848464403a6ada52852a4aa9623b14143b6efbac19e5a
                                                                                                                                            • Opcode Fuzzy Hash: 99cf175e0b3e12a6acd74e001f573f7f7ae50efbfa2ee9031d259c72bcdd4c46
                                                                                                                                            • Instruction Fuzzy Hash: A1619817B0D5A60AE7627A6CE4F51EB3BA0DF8222A71C41B7D2CCDE093DC0C6486C295
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: ({|4
                                                                                                                                            • API String ID: 0-3193445683
                                                                                                                                            • Opcode ID: 33ba9450cc60db651429752fd27a286d4f6c2a497d8e6db47802a35ab0124163
                                                                                                                                            • Instruction ID: ae27f3bb9a8e2506be643a4273661e8bbb970610b35eef5539262372a3aeb1f6
                                                                                                                                            • Opcode Fuzzy Hash: 33ba9450cc60db651429752fd27a286d4f6c2a497d8e6db47802a35ab0124163
                                                                                                                                            • Instruction Fuzzy Hash: 7F51E621B1C9594FDBA5EA2D94A56FA3BD1EF99700F1401BAF48EC3297CD2CEC418781
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: #CN_^
                                                                                                                                            • API String ID: 0-2341464291
                                                                                                                                            • Opcode ID: 14b488ac5eb3dd3b58f003a742b7206dd34e9aae288539c9225daece43602c64
                                                                                                                                            • Instruction ID: 69aa63612d843e25a4e4bbae4320278e526697e10f405e1f5eb9cb215ceda5d5
                                                                                                                                            • Opcode Fuzzy Hash: 14b488ac5eb3dd3b58f003a742b7206dd34e9aae288539c9225daece43602c64
                                                                                                                                            • Instruction Fuzzy Hash: 1451D132B189154FE764EB68D4617F937D2EF96358F180179E14ECB2D2CE39AC418781
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: N_^
                                                                                                                                            • API String ID: 0-2232263386
                                                                                                                                            • Opcode ID: 93de3cc536457b21eb94f54c9861f916f5a058702adad56f2eefd949f59e1f0c
                                                                                                                                            • Instruction ID: deb8f0076b7afd5f14b3fd02472562f2a91466f207b887d30f25d558781ea347
                                                                                                                                            • Opcode Fuzzy Hash: 93de3cc536457b21eb94f54c9861f916f5a058702adad56f2eefd949f59e1f0c
                                                                                                                                            • Instruction Fuzzy Hash: 2E41D822B0C5764BD7627AECB4751EBBBE0DFD6369F180177D288D9183CD1868C58390
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                            • Opcode ID: 2c8b9a418b118ef8d199ffababfe8c6203956f5c1fda39b356c736d7cf8c1da0
                                                                                                                                            • Instruction ID: 302dd884c1f225c74160888e12e71252b97f489ec4a0b41c25c9b88a0aca60ea
                                                                                                                                            • Opcode Fuzzy Hash: 2c8b9a418b118ef8d199ffababfe8c6203956f5c1fda39b356c736d7cf8c1da0
                                                                                                                                            • Instruction Fuzzy Hash: 5851BE6014E3C21FD3535BB495606923FE69F87224B1E40EFD5C5CF1A3C66E984AC352
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: `&|4
                                                                                                                                            • API String ID: 0-2224869378
                                                                                                                                            • Opcode ID: 9dd7989f97da25e6c35f0b436349ec2c1ca28ab13402b384e9d5f1b2fa03f91c
                                                                                                                                            • Instruction ID: b8e29cc2f76741db602d1516702c6672c072043a6b3ac480592660af8a04a4a9
                                                                                                                                            • Opcode Fuzzy Hash: 9dd7989f97da25e6c35f0b436349ec2c1ca28ab13402b384e9d5f1b2fa03f91c
                                                                                                                                            • Instruction Fuzzy Hash: 47414F3170881D4FEBE4EE4CE598BA573D1EF99360B1805BBD54DC73A5C929DC868B40
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4
                                                                                                                                            • API String ID: 0-538812309
                                                                                                                                            • Opcode ID: 9b3e39d7111f0d203935df501f89c3f12f9f67e92a253b4c56770db6dd92cbcf
                                                                                                                                            • Instruction ID: f1e45996f0b66e48579d4da050dc56a01d3f10b2f0e64011aadb4646826eab10
                                                                                                                                            • Opcode Fuzzy Hash: 9b3e39d7111f0d203935df501f89c3f12f9f67e92a253b4c56770db6dd92cbcf
                                                                                                                                            • Instruction Fuzzy Hash: 3E41A122B0D95A4FEBE4EA6C95B52BA73D1EF9A210B48017AD54DC3286DD1CA8829341
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4
                                                                                                                                            • API String ID: 0-538812309
                                                                                                                                            • Opcode ID: bd586ec65f0b33ea4ffd0a4aff97c4b24659c9bc5e239c350311fe9c19ab0715
                                                                                                                                            • Instruction ID: c5da9ec9599a6bc69b9a24476e73c5a6dbd8c0ddd03e0cfe5af162818e6122e4
                                                                                                                                            • Opcode Fuzzy Hash: bd586ec65f0b33ea4ffd0a4aff97c4b24659c9bc5e239c350311fe9c19ab0715
                                                                                                                                            • Instruction Fuzzy Hash: 8F313B63F1896A0FE794EE2C94A92FE37D0EB95750F08057BD44DC71A1EE1C98C25345
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: `Yn4
                                                                                                                                            • API String ID: 0-2747633596
                                                                                                                                            • Opcode ID: 2e264b32547452d16c2c53e14c3dd2da5b42951b76c9f7cdaa6f5e9229c684dd
                                                                                                                                            • Instruction ID: 3fe155996d37e875c81bcbe3e4ab299a143e74d4e0280f507b6e7539806a41c8
                                                                                                                                            • Opcode Fuzzy Hash: 2e264b32547452d16c2c53e14c3dd2da5b42951b76c9f7cdaa6f5e9229c684dd
                                                                                                                                            • Instruction Fuzzy Hash: D2418130718A568FDBA5EB2DC0A4EB273D2EF56304B5845B9D14ECB2A7CD29F881C740
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: HA]4
                                                                                                                                            • API String ID: 0-538812309
                                                                                                                                            • Opcode ID: 2ffd0e7a539549ae1ee9b7a3d699a4f1e7c0c83d12d669fb9521f05758e708a5
                                                                                                                                            • Instruction ID: 8f6cb571ae2499779378dd7019113c1225fd2ef0e960db927eff782a4442fb7c
                                                                                                                                            • Opcode Fuzzy Hash: 2ffd0e7a539549ae1ee9b7a3d699a4f1e7c0c83d12d669fb9521f05758e708a5
                                                                                                                                            • Instruction Fuzzy Hash: 7331F622B0D5654FE765AB6CE8A11EB3BE0DF82225B0C01F7D58CCB193DC0C68868390
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            • Instruction ID: 80657d54fb47e1052a65d3eae54172ab0b7f0a29f52dffd08932d473262a3cfd
                                                                                                                                            • Opcode Fuzzy Hash: 24eea7d2d639c836d9244229415306b6933d5b02f26f90893b0c0e732fbac714
                                                                                                                                            • Instruction Fuzzy Hash: C071E472E0DAA94FE765DF6C98A53E877A0FF56350F0400BAC18CD7193DE2C28429B41
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 856d567f3f5c0a313e7ef240823e0eeec86da15b56c1a329c1de1e7ba34fb79e
                                                                                                                                            • Instruction ID: 0c9ac48b82170e60ec028e41f1905bb67268a26cdc36c9a3f768982f90de2918
                                                                                                                                            • Opcode Fuzzy Hash: 856d567f3f5c0a313e7ef240823e0eeec86da15b56c1a329c1de1e7ba34fb79e
                                                                                                                                            • Instruction Fuzzy Hash: 1051D021B0CD1A4FEBE4EA1C94E4AB533D2FF9932075805BBD54DCB2A6CD19EC818780
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0d90485b8798d7babb4552b03a5f3e983afa4381795d5b3fca138fae8983bb1a
                                                                                                                                            • Instruction ID: 1b62a66049b0ca6d0de70dbd356f6d1cff34e9893432dac7311cfb1248b895c0
                                                                                                                                            • Opcode Fuzzy Hash: 0d90485b8798d7babb4552b03a5f3e983afa4381795d5b3fca138fae8983bb1a
                                                                                                                                            • Instruction Fuzzy Hash: 9961E032708B154BDB58DE18C4E5AF6B3E1FF96300F10467ED58AC7292DE29F8469B81
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d869bee358e0c8a93970a4d526e5271c4c28e2e7370f6b599c9d67531af7e9c2
                                                                                                                                            • Instruction ID: c0ede888c810355dcc142663c2f782f73565417cdb835a966febd98f34f36f33
                                                                                                                                            • Opcode Fuzzy Hash: d869bee358e0c8a93970a4d526e5271c4c28e2e7370f6b599c9d67531af7e9c2
                                                                                                                                            • Instruction Fuzzy Hash: D2513531719A1A4FEB58DF1CD9D46B673E0FF9A710B18027DD64DC3252D929F8829780
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ad2116cbda89099eae0d296dc75c7ab5f562d096daf6b1fe244280f8c32931c1
                                                                                                                                            • Instruction ID: addb776b35f0d442f7e1c8e80eff8426d420135a072d12138d9c1732d8bc69e9
                                                                                                                                            • Opcode Fuzzy Hash: ad2116cbda89099eae0d296dc75c7ab5f562d096daf6b1fe244280f8c32931c1
                                                                                                                                            • Instruction Fuzzy Hash: 0751E42170C9594FEB95EF6C88A46F537E1EF96351B1401BAD58EC7297CD28EC42C380
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8a75c80108e065e5bc80bc9ed84716dfa6660f7139ebfd452af4f1050cd69fd8
                                                                                                                                            • Instruction ID: 66457b60c43bdfa8f9b18c6d9e5b11606e953150bc2721dec20ddd721b6b2c39
                                                                                                                                            • Opcode Fuzzy Hash: 8a75c80108e065e5bc80bc9ed84716dfa6660f7139ebfd452af4f1050cd69fd8
                                                                                                                                            • Instruction Fuzzy Hash: 1D415063B0D9AA0BE765A65DA9F91FB7BD0DF92225B4C0277D288C21D3DC0D68478390
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 70960cb271b1a81496b8bd6c573c4f1061f579fc44150f7aa0497b9e8ae399d9
                                                                                                                                            • Instruction ID: db49980c409cb4bfee4a1c2cc54d190606229a2fafe3c368a05423ffa423f2a9
                                                                                                                                            • Opcode Fuzzy Hash: 70960cb271b1a81496b8bd6c573c4f1061f579fc44150f7aa0497b9e8ae399d9
                                                                                                                                            • Instruction Fuzzy Hash: CA513672F085594BEB61EB9CD4B12EE7BE1EF46304F5801B6D189DB293DD2C68428351
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2411dd37bcf229cd457db967fb18021d53b8cfecefd9a335dcbd518bae311f26
                                                                                                                                            • Instruction ID: 35cd1561ed5965cce59cdcdfbd211ab06183dabbdafd85886decec045ff76fd4
                                                                                                                                            • Opcode Fuzzy Hash: 2411dd37bcf229cd457db967fb18021d53b8cfecefd9a335dcbd518bae311f26
                                                                                                                                            • Instruction Fuzzy Hash: 7B41D62170C9590FE798EA1C94797BA77D6EF9A354B0801BEE48EC7293DD19AC828341
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 56d9ac6cd73dc5c510312b83c05bd1e464ec9078df2c6cf6c87d39c4e44462d3
                                                                                                                                            • Instruction ID: 6cea5ae2a7d6c120f07050f9ca85162825d98e7696eb844fb8fd2a43d476f918
                                                                                                                                            • Opcode Fuzzy Hash: 56d9ac6cd73dc5c510312b83c05bd1e464ec9078df2c6cf6c87d39c4e44462d3
                                                                                                                                            • Instruction Fuzzy Hash: 1941E431B189694FEB54EFA884603E977E2EF9A308F584079D10DEB2D3CD396C458780
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5ec199cb103cf91dd8c43bd590e1c45d9bbd0f4531dcc50198cac7ec4152fa3b
                                                                                                                                            • Instruction ID: 7252a16db4737efe1953532ecec1b82c6f6915857dc94c4faee61b9eea5adf32
                                                                                                                                            • Opcode Fuzzy Hash: 5ec199cb103cf91dd8c43bd590e1c45d9bbd0f4531dcc50198cac7ec4152fa3b
                                                                                                                                            • Instruction Fuzzy Hash: 3D410B53B0D9A60BE762AA5C99F51FB77D0EF9222574C0277D288C62E3EC1D68468281
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: af05559be8f295a9b3978da4b6b7ebd41d689509bd3f302fe1e5d2e2e8972011
                                                                                                                                            • Instruction ID: e1edd36a8c36347a10ef63265c21437b99800109e8318b58ec86fb2cfdf0e84a
                                                                                                                                            • Opcode Fuzzy Hash: af05559be8f295a9b3978da4b6b7ebd41d689509bd3f302fe1e5d2e2e8972011
                                                                                                                                            • Instruction Fuzzy Hash: 93419512B0D5A60FE766AA6CA4F51E73BE0DF9322570C01B7D6CCDE197DC1CA8868350
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6a84ee99c6df74c2365b7951ffd1d5833fb67e057a4c14129eb9ce6cff05f67f
                                                                                                                                            • Instruction ID: 820c59365dac6e2f8552f51b9d9a4702fe70b7b9517f30a014a4a2883d19ee65
                                                                                                                                            • Opcode Fuzzy Hash: 6a84ee99c6df74c2365b7951ffd1d5833fb67e057a4c14129eb9ce6cff05f67f
                                                                                                                                            • Instruction Fuzzy Hash: 51411322B0DB990FD796DB3C44B42B43FE1EFA7250B0941FBD489CB2A3D9189C069352
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c5dd7e7c4f8b7a2c6fe172aa97024b73d671337459aaf65368d29fafde2305cf
                                                                                                                                            • Instruction ID: e73315fcdd827dad116f98282954ce53e111ae3b6b1b74a723712cb6e499b302
                                                                                                                                            • Opcode Fuzzy Hash: c5dd7e7c4f8b7a2c6fe172aa97024b73d671337459aaf65368d29fafde2305cf
                                                                                                                                            • Instruction Fuzzy Hash: 0C41F031B28E164BE7A8DA38D4B56A673D1FF95300F04457DD58EC3296EE29BC82C780
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 8f3b69bf59b1efbff68a0f111a366f26aa2b2d030700a25b344d639cc94ac1b4
                                                                                                                                            • Instruction ID: 539d7dfb08de0fd1966f0b6f97578bd7c70b56b437b87de6e93fedc0bb961eb4
                                                                                                                                            • Opcode Fuzzy Hash: 8f3b69bf59b1efbff68a0f111a366f26aa2b2d030700a25b344d639cc94ac1b4
                                                                                                                                            • Instruction Fuzzy Hash: 93311771A1891D8FDB98EF18C494AE937E2FF5A318F0501B9E44DD72A1DA38E844CB40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 2fcef8489ec436c91df2f78cf4c978e9f4cc1a7285eefb312cbbedb905273372
                                                                                                                                            • Instruction ID: 8d206fd114e8992ff7863742c36df90f7200eca1ecffad91d17462521bceb6b4
                                                                                                                                            • Opcode Fuzzy Hash: 2fcef8489ec436c91df2f78cf4c978e9f4cc1a7285eefb312cbbedb905273372
                                                                                                                                            • Instruction Fuzzy Hash: 88112C3170EA5A0FE758DA1D98A56B237D5EF97354B0801BED14CCB293DD1DE8418740
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5c6e1a74458c96429ff2e8aca645df819a6ed0b17a10a04b5a3ec6b67a75ca20
                                                                                                                                            • Instruction ID: 59a8107bb4fe265c274a945caf4d23daaf58a3f4e175ed366ca351d64f6876b5
                                                                                                                                            • Opcode Fuzzy Hash: 5c6e1a74458c96429ff2e8aca645df819a6ed0b17a10a04b5a3ec6b67a75ca20
                                                                                                                                            • Instruction Fuzzy Hash: B3210832A09A994FE7559B3888B96E23BD1FF57310F5446BEC189C71E3DA2CA806C351
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 88b7b4797a07995c54dfa165e6d26ea37e81eff28dff694c3f7e340f952b0eb1
                                                                                                                                            • Instruction ID: 063065cbfc42d4634e419e67dc4d6912432fe95c2e83cba83db6ce5a04b6cf74
                                                                                                                                            • Opcode Fuzzy Hash: 88b7b4797a07995c54dfa165e6d26ea37e81eff28dff694c3f7e340f952b0eb1
                                                                                                                                            • Instruction Fuzzy Hash: D121F03161C6A84FDBA1CF2D98A06E63BE1AF4B300F1901F7D4C8CB193D5699C898782
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5f4d01f484c195b7249403870d10646e4da4fb3617513910b05c7a88101d39cf
                                                                                                                                            • Instruction ID: b361145470d45017ff4c2d979c150137909e616fe510c39ef1bc28686638ce34
                                                                                                                                            • Opcode Fuzzy Hash: 5f4d01f484c195b7249403870d10646e4da4fb3617513910b05c7a88101d39cf
                                                                                                                                            • Instruction Fuzzy Hash: F1110422B1ED9A0FE7958D2D2DE91B52AC1DF9660470D01FBD648C72E3D909DC848342
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 54b92cb7cfc71259ca9e49194bcf79c529909dcd38bffcf58fac5507d577dc4a
                                                                                                                                            • Instruction ID: 0dbdeda0d234b92ee094ccbaf23eebaff5fc23e77908d9e40b12ab0743b476bf
                                                                                                                                            • Opcode Fuzzy Hash: 54b92cb7cfc71259ca9e49194bcf79c529909dcd38bffcf58fac5507d577dc4a
                                                                                                                                            • Instruction Fuzzy Hash: 7E110823F1EC6A0BE6D48C5D3CE91F626C1DBDA61571901BBEA0CC72E2DD4ADC818342
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f0532445304f742600522074e9458706dee6a12bb888dd1b3bbd7fe418a65c77
                                                                                                                                            • Instruction ID: 23f9d457fb4c1735ab67ea9978646089f8dda081027c2fcac2b34cb0eef1ce53
                                                                                                                                            • Opcode Fuzzy Hash: f0532445304f742600522074e9458706dee6a12bb888dd1b3bbd7fe418a65c77
                                                                                                                                            • Instruction Fuzzy Hash: EA11382170D6951FE762EA6899916B23BD0EF57310B0900FBE48DCB193DC19ACC24361
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ebb09ab141c5073ab4c6ecc272ab5e8bfeff0f0b49f5adc0d53910c270ccaca5
                                                                                                                                            • Instruction ID: fc084cfec2554b0ebc09c55d12904a2092c1a0b1f1b0a788359aa63a7a15b006
                                                                                                                                            • Opcode Fuzzy Hash: ebb09ab141c5073ab4c6ecc272ab5e8bfeff0f0b49f5adc0d53910c270ccaca5
                                                                                                                                            • Instruction Fuzzy Hash: E6110393B0F6D25AE6114A641DB90FAFBD5AF5321070C00FBD1988B0D7D80EAD46A351
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a9769a6869f1202e5a6a7e24459de8d9bc515e4ad0308d6ddcde72ba0665d089
                                                                                                                                            • Instruction ID: 910ce6485f1874c53b67fb7a21691a8fe84f35bb92e570349768abbea49c4800
                                                                                                                                            • Opcode Fuzzy Hash: a9769a6869f1202e5a6a7e24459de8d9bc515e4ad0308d6ddcde72ba0665d089
                                                                                                                                            • Instruction Fuzzy Hash: C0017516B0D06606E636B2ACF4B15FB2B548F8523EB5941B3E1CCE9093DC0D694981D5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: ecd4b3f01718c8fc95fd5bc28dfd006181c8f8de5b85f0798152b37fae496139
                                                                                                                                            • Instruction ID: 7c0d2196c924e9eb3101ce73fc49aad767768cf8193ae6442994fccf39e4e30f
                                                                                                                                            • Opcode Fuzzy Hash: ecd4b3f01718c8fc95fd5bc28dfd006181c8f8de5b85f0798152b37fae496139
                                                                                                                                            • Instruction Fuzzy Hash: 6411C861B19E4B0FDBA9EF6C84A15F677E1FFA530875804B6D089C7186EE1CEC469340
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b9252b25a371cd2bd1286711aaf0d4a537fadcb5010db898a5fa512157e7f41e
                                                                                                                                            • Instruction ID: cbb913cf46ce1449ef4075cccb32e7ae85074ccdf2a155a7675ebfbf1248770a
                                                                                                                                            • Opcode Fuzzy Hash: b9252b25a371cd2bd1286711aaf0d4a537fadcb5010db898a5fa512157e7f41e
                                                                                                                                            • Instruction Fuzzy Hash: 7201A221B0881D4FDAE4DA5DA4B47B723C5EBDA314F44027AE60CC3296DD68EC814380
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a94bc60f9f127cda64e59949c0af1f0eccf67d6724fcb28e90cb4bd57a4663d5
                                                                                                                                            • Instruction ID: 85da978afae86bb4acc31566ea6e22dd2a650af8c3c88c189ac9ab2022ce3b2a
                                                                                                                                            • Opcode Fuzzy Hash: a94bc60f9f127cda64e59949c0af1f0eccf67d6724fcb28e90cb4bd57a4663d5
                                                                                                                                            • Instruction Fuzzy Hash: E701D430A1C6554FEBA0CF1D85906E677D0FF4A300F0801FAD4CCC7192DA5C9C898B41
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: be67f164f44939a52546e63ef94d6c6bbccdca651612abefb91f0bcf9a2445df
                                                                                                                                            • Instruction ID: 80143a205d451a9a120d768023488cafa20f006e9e5763874b3c99f7f36f54ee
                                                                                                                                            • Opcode Fuzzy Hash: be67f164f44939a52546e63ef94d6c6bbccdca651612abefb91f0bcf9a2445df
                                                                                                                                            • Instruction Fuzzy Hash: 5AF0B43270D9580FE394992CAC5E9B23BD4DF6623230602FFE948C7163E94698468354
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            • Instruction Fuzzy Hash: 28E09212B1C47A06FB78B2AC70B13FA67948F4A229F5901B3D4CCD61C3DC4D1C4542C5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5609b7ab42afeb4358b0734167457ed125298a4884d3102c635f878c65b42e1a
                                                                                                                                            • Instruction ID: 35684e88b1a8b37f95c642e5505fdb9d8443f9892c846615fc12f903e854e068
                                                                                                                                            • Opcode Fuzzy Hash: 5609b7ab42afeb4358b0734167457ed125298a4884d3102c635f878c65b42e1a
                                                                                                                                            • Instruction Fuzzy Hash: B9E07D33A0CD4C4BCB40AA98A8114D6BBD0FBC530CF04009BE55CC3181D22195518351
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 16d6e0bee4cb87f0c33afd98bbf8ba4dce3ed44b013d8d3632e706be9ae63a27
                                                                                                                                            • Instruction ID: 11d7f445175899e2abc62d0206a044a40779add726fc1b268e120f5e346ed006
                                                                                                                                            • Opcode Fuzzy Hash: 16d6e0bee4cb87f0c33afd98bbf8ba4dce3ed44b013d8d3632e706be9ae63a27
                                                                                                                                            • Instruction Fuzzy Hash: 83E08612B1C43605FB7871AC70B13FA63988F4A228F580173E4CCD61C7DC4D2C8541C5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a2eca496a8e63d74f69e0974f76574c55826ccc7e7bfebbe2417c50c673c725a
                                                                                                                                            • Instruction ID: 56576d65bace72d0d1995cd85de1224d0b67ce29dde9f473807aee6c9b864965
                                                                                                                                            • Opcode Fuzzy Hash: a2eca496a8e63d74f69e0974f76574c55826ccc7e7bfebbe2417c50c673c725a
                                                                                                                                            • Instruction Fuzzy Hash: 11E08C22B0E9394FDBB4EF2C95A46B437E1EF1A74070500EAE4DDDB2D5C914AC0893C1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c22214349aba8a2af8fac0b57b92db312700bc1ce3a8325770904d24a18c2f4d
                                                                                                                                            • Instruction ID: 51604363e1b0bf38a6553816f7b61c1ad21d137e3cf6ef920cf1188152d6e087
                                                                                                                                            • Opcode Fuzzy Hash: c22214349aba8a2af8fac0b57b92db312700bc1ce3a8325770904d24a18c2f4d
                                                                                                                                            • Instruction Fuzzy Hash: 26E0D8337085254FE758EE0494F05F53392DF92320F54463BC546C62D2DD5CE8825380
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f2a9ff7ba4e43c4f72a98d26d3dc03cd613bd0a6a6bc1132aad8aa6cec12972d
                                                                                                                                            • Instruction ID: 6f8419357f04fa41135dde3b201d7e3014701bca9bbe4d47abceea703a942961
                                                                                                                                            • Opcode Fuzzy Hash: f2a9ff7ba4e43c4f72a98d26d3dc03cd613bd0a6a6bc1132aad8aa6cec12972d
                                                                                                                                            • Instruction Fuzzy Hash: 2DE09222A4D6E50FE77A926858B52A47FA49F06220F1A01EBC588CB1D3E84D5C454392
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 18ba18a943ee4dd1e0716ccb17947207b2c0a5ac732912e0e0b1e0b67193fad7
                                                                                                                                            • Instruction ID: 46310ae5aee65eba94a483cb0750a73fc2476c13dba8f7d1706867bc74818bc3
                                                                                                                                            • Opcode Fuzzy Hash: 18ba18a943ee4dd1e0716ccb17947207b2c0a5ac732912e0e0b1e0b67193fad7
                                                                                                                                            • Instruction Fuzzy Hash: 39D01211F19C3A1B50B4663C39656EA00C5DBC962078D0372E90CC224DDC0C9CC152C1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 628f1e6163320f570407ec2511ffc3f6bb5963e2981e17cfddf52d5cbf1ae00e
                                                                                                                                            • Instruction ID: 8070117ed7f776c1ec64030cb56e28a79a1419ddc346a67b3002174c509ad706
                                                                                                                                            • Opcode Fuzzy Hash: 628f1e6163320f570407ec2511ffc3f6bb5963e2981e17cfddf52d5cbf1ae00e
                                                                                                                                            • Instruction Fuzzy Hash: 99E0C225F0AC4A07DE88A9298CE20A131D1EBAA208BE800ADC808C3281F81FD8C29341
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 65ad5448810cd6cc9acf1a3f7e2c9cb4b5460adbb0ef6f5f982c28b98cbe4fcf
                                                                                                                                            • Instruction ID: d62db5feee7958049c2db35d3a7f4ee35e7ab622b690d41e1c57bfcb3ad7a998
                                                                                                                                            • Opcode Fuzzy Hash: 65ad5448810cd6cc9acf1a3f7e2c9cb4b5460adbb0ef6f5f982c28b98cbe4fcf
                                                                                                                                            • Instruction Fuzzy Hash: 0BE04FA041E3D10FD70A573488655E9BFA0AF43214F8906EED5D9CB193C66C418AD753
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: de468debe682384a4ada51a86ca342db9928b04da778ab81132a384b1a51b698
                                                                                                                                            • Instruction ID: ada483782fdd4859b7143135c3de775f1d3df11eacb8b94e6e91f242afdbcf07
                                                                                                                                            • Opcode Fuzzy Hash: de468debe682384a4ada51a86ca342db9928b04da778ab81132a384b1a51b698
                                                                                                                                            • Instruction Fuzzy Hash: C6E0C230A18B5647E704AE328D950BB71D1BF88201F884A36DDCCC10A0FA2CC3C9A642
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d606a3eff54a8afc23c6f3d9692f99aba78f197071398acf0b125e50e4cf453a
                                                                                                                                            • Instruction ID: ee703bed27fee314669a121c933eb59d0124e4d550649b8f0b3095df11891827
                                                                                                                                            • Opcode Fuzzy Hash: d606a3eff54a8afc23c6f3d9692f99aba78f197071398acf0b125e50e4cf453a
                                                                                                                                            • Instruction Fuzzy Hash: 67D02B31A28D2506EB50BA3852586F763C0CB85310F080637ED0DD71A0DC4C59C102C5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b77de8d09ae29eef49a5fb4f1a0b9ff847a682187363eda809b745f471148012
                                                                                                                                            • Instruction ID: 8509c440db55a590b76afbfaddb96a0eaf62eabf363d1e878bf1779a3584fa81
                                                                                                                                            • Opcode Fuzzy Hash: b77de8d09ae29eef49a5fb4f1a0b9ff847a682187363eda809b745f471148012
                                                                                                                                            • Instruction Fuzzy Hash: 42D05E21B5883A06FB7C619C60613F851888F49220F500076E40DD22C6DC8D1C8102C1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_3_2_7ffd346e0000_BootstrapperV1.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 05e65480f993b5021dca89b51f6a3b6b7639ef37cb358b3d76ff212931b5f16e
                                                                                                                                            • Instruction ID: 6696bb32fad64949aaf381efba8ff5d554bab77c52abf37e55b35ddcf1bc4980
                                                                                                                                            • Opcode Fuzzy Hash: 05e65480f993b5021dca89b51f6a3b6b7639ef37cb358b3d76ff212931b5f16e
                                                                                                                                            • Instruction Fuzzy Hash: 9AD0C724A218154FD844B65D99C12D133D2AF5632CFDD00B0ED09DF353E5AFE9D54781
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000003.00000002.2262125903.00007FFD346E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD346E0000, based on PE: false